Try doing a tcpdump -i pfsync0

You should see traffic. If not, make sure the iface shows something like
this in an ifconfig:

pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncdev: em1 syncpeer: 192.168.10.3 maxupd: 128


also
tcpdump -n -e -ttt -i pflog0
can show hints about where your rules are obeying you without consulting the do_what_I_mean bit.



Chad M Stewart wrote:
On Nov 16, 2005, at 3:57 PM, Tobias Walkowiak wrote:

I just set up 2 redundant firewalls that use CARP / pfsync. I ran into the
fact that everything works fine but when shutting down the MASTER, the
BACKUP doesn't take over the states of the connections. Is that intended or
did I do something wrong? I configured my systems exactly the way the man
pages and tutorials told me and I'm not using ifstated.


Something is wrong. I've set up such an environment and it works, state passes between the firewalls. If state is not passing then something is wrong with the configuration.

Search the archives of this list and/or the pf list.

-Chad


What I hoped is that even the whole master can fail without being noticed
for the existing sessions.

TIA
--
tobias
