Actually I may have found a bug with this.  Are you using virtual ips?

On 4/18/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Yep.  Why was it on to begin with?
>
>
> On 4/18/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> > So after saving the page with pfsync disabled, I need to reboot the
> > firewall to completely turn it off?
> >
> > Scott Ullrich wrote:
> > > It most likely will not "change" the pfsync association until the next 
> > > reboot.
> > >
> > > On 4/18/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> > >
> > >> Yeah and I tried that, it had no effect.  And as I said earlier in my
> > >> post, I turned it on and saved, turned it off and saved and no effect.
> > >> Changing the sync interface, even with synchronization turned off does
> > >> have an effect (which it shouldn't IMHO but that's another story).
> > >>
> > >> -Gary
> > >>
> > >> Scott Ullrich wrote:
> > >>
> > >>> Should be safe.   But then again turning off pfSync should remove the
> > >>> tag as well.
> > >>>
> > >>> On 4/18/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> > >>>
> > >>>
> > >>>> Scott,
> > >>>>
> > >>>> I agree that that's how it *should* be working, but that's not what's
> > >>>> currently happening on this box.  I'd like, very much to stop the
> > >>>> madness without requiring a complete re-install.  Am I safe simply
> > >>>> removing the pfsyncenabled tag from my config file or is there more
> > >>>> involved?
> > >>>>
> > >>>> -Gary
> > >>>>
> > >>>> Scott Ullrich wrote:
> > >>>>
> > >>>>
> > >>>>> If you are not using CARP/pfSync then it should be bound to the
> > >>>>> loopback adapter broadcasting nothing.
> > >>>>>
> > >>>>> On 4/18/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>> There has been a lot of movement between your initial installed 
> > >>>>>> version and beta3. The cleanest thing really would be a reinstall 
> > >>>>>> from scratch :-/ but you might want to wait for scott's or bill's 
> > >>>>>> thoughts on this behavior first.
> > >>>>>>
> > >>>>>> Holger
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>> -----Original Message-----
> > >>>>>>> From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
> > >>>>>>> Sent: Tuesday, April 18, 2006 4:45 PM
> > >>>>>>> To: [email protected]
> > >>>>>>> Subject: Re: [pfSense Support] Massive amounts of pfsync traffic 
> > >>>>>>> when
> > >>>>>>> CARPisturned off
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> Holger,
> > >>>>>>>
> > >>>>>>> Actually, that doesn't work.  Hitting save on its own doesn't
> > >>>>>>> turn off
> > >>>>>>> the synchronization.  Enabling, then saving, then disabling
> > >>>>>>> and saving
> > >>>>>>> again, also doesn't turn it off.  If I leave it disabled in
> > >>>>>>> the WebGUI
> > >>>>>>> and then change the sync interface to WAN, all the sync
> > >>>>>>> traffic moves to
> > >>>>>>> the WAN interface.  Changing it back to LAN moves the sync
> > >>>>>>> traffic back.
> > >>>>>>>
> > >>>>>>> -Gary
> > >>>>>>>
> > >>>>>>> Holger Bauer wrote:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>> Just hit save at the CARP-Settings with all options turned
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>> off. It should save all necessary settings and apply the changes.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>> Holger
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>> -----Original Message-----
> > >>>>>>>>> From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
> > >>>>>>>>> Sent: Tuesday, April 18, 2006 4:37 PM
> > >>>>>>>>> To: [email protected]
> > >>>>>>>>> Subject: Re: [pfSense Support] Massive amounts of pfsync
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>> traffic when
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>> CARPis turned off
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>> Holger,
> > >>>>>>>>>
> > >>>>>>>>> The WebGUI shows CARP completely turned off, as it should be.  The
> > >>>>>>>>> config file has been with me, more or less, since 0.95 but
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>> always on
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>> that machine.  CARP had been turned on at one time on that
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>> machine,
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>> however it was completely disabled.  I suspect that I
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>> simply need to
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>> remove the line from my config file to turn it off.  Is that
> > >>>>>>>>> a correct
> > >>>>>>>>> statement or do I need to remove other lines as well?  I'd
> > >>>>>>>>> rather avoid
> > >>>>>>>>> doing a complete re-install if at all possible.  Thanks
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>> for your help.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>>> -Gary
> > >>>>>>>>>
> > >>>>>>>>> Holger Bauer wrote:
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>> Is this an imported config? CARP config options are located
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>> at Interfaces>Virtual IPs, CARP settings tab. Disable all
> > >>>>>>>>> options there, save and apply. Does this fix it? Btw, I
> > >>>>>>>>> haven't noticed that behavior with my embedded beta3 build.
> > >>>>>>>>> Maybe you are runni
> > >>>>>>>>> ng into some kind of upgrade bug. If nothing helps I
> > >>>>>>>>> recommend reinstalling a fresh Beta3 :-/
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>> Holger
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>> -----Original Message-----
> > >>>>>>>>>>> From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
> > >>>>>>>>>>> Sent: Tuesday, April 18, 2006 4:26 PM
> > >>>>>>>>>>> To: [email protected]
> > >>>>>>>>>>> Subject: [pfSense Support] Massive amounts of pfsync
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>> traffic when CARP
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>>> is turned off
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> I just noticed my pfSense (now upgraded to Beta3, thanks
> > >>>>>>>>>>> guys!) machine
> > >>>>>>>>>>> multicasting pfsync traffic of biblical proportions.  This was a
> > >>>>>>>>>>> surprise to me because I don't have CARP enabled on this box.
> > >>>>>>>>>>>  In poking
> > >>>>>>>>>>> around in my machine's config file I see the following entry:
> > >>>>>>>>>>>
> > >>>>>>>>>>> - <#> <carpsettings>
> > >>>>>>>>>>> - <#> <config>
> > >>>>>>>>>>>   <pfsyncenabled />   <<<<---------- point of interest
> > >>>>>>>>>>>   <pfsyncinterface>LAN</pfsyncinterface>
> > >>>>>>>>>>>   <balancing />
> > >>>>>>>>>>>   <premption />
> > >>>>>>>>>>>   <synchronizerules />
> > >>>>>>>>>>>   <synchronizealiases />
> > >>>>>>>>>>>   <synchronizenat />
> > >>>>>>>>>>>   <synchronizeipsec />
> > >>>>>>>>>>>   <synchronizewol />
> > >>>>>>>>>>>   <synchronizestaticroutes />
> > >>>>>>>>>>>   <synchronizelb />
> > >>>>>>>>>>>   <synchronizevirtualip />
> > >>>>>>>>>>>   <synchronizetrafficshaper />
> > >>>>>>>>>>>   <synchronizetoip />
> > >>>>>>>>>>>   <password />
> > >>>>>>>>>>>   </config>
> > >>>>>>>>>>>   </carpsettings>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> Does this mean that, pfsync is enabled anyhow?  How can I
> > >>>>>>>>>>> make the bad
> > >>>>>>>>>>> man stop?  It's really hosing one of my switches.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Best,
> > >>>>>>>>>>>
> > >>>>>>>>>>> Gary
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>>> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>> ---------------------------------------------------------------------
> > >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>
> > >>>
> > >>>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to