Chris Buechler wrote:
On Wed, Oct 14, 2009 at 11:37 AM, Evgeny Yurchenko <[email protected]> wrote:
Hello all!
There must be something simple here. Please explain! Nothing is coming from
LAN to WAN.
*1.2.3-RC1* built on Wed Apr 22 15:45:47 EDT 2009 with carp on lan and wan.
LAN=em1
pass in quick on em1 all flags S/SA keep state label "USER_RULE: "
In logs I have:
pf: 1. 000562 rule 112/0(match): block out on carp0: (tos 0x0, ttl 63, id
2596, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.8.34 >
137.199.84.248: ICMP echo request, id 36366, seq 6130, length 64
Upgrade. We removed rules for CARP interfaces because the OpenBSD
documentation says they shouldn't be there, but it actually does need
to be. It's been added back in RC3.
Just upgraded to *1.2.3-RC3* built on Tue Oct 6 01:32:12 UTC 2009
Situation is not resolved but logs chaged. Now it is blocked IN on carp0:
pf: 999479 rule 175/0(match): block in on carp0: (tos 0x0, ttl 63, id
247, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.8.34 >
137.199.84.249: ICMP echo request, id 29730, seq 180, length 64
But this packet does not arrive at carp0! How is that possible? ICMP
packet arrives at em1 with carp1 and is supposed to go out of em0 with
carp0.
Please advise...
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
