NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface
Dave Cottlehuber
dch at skunkwerks.at
Fri Sep 15 09:38:08 UTC 2017
On Thu, 14 Sep 2017, at 23:32, Kristof Provost wrote:
> On 14 Sep 2017, at 16:21, Dave Cottlehuber wrote:
> > Outgoing traffic (from a jail) via PF NAT over a LAGG/LACP sometimes
> > has the *backup* CARP IP address assigned to it.
> >
> I think this is your problem. You’re telling pf to nat to the IP
> address of lagg0, but lagg0 has multiple addresses assigned.
>
> ‘(lagg0:0)’ should work, or just use the IP address.

Thanks Kristof!

($if:0) works perfectly, but I'll need to reboot to test this with the
original carp setup though.

Can you explain what $if:0 resolves to, for example how does it relate
to the primary ipv4/6 addresses bound to that interface?

I couldn't find a reference in the usual ifconfig manpages about this
(ifname:#) format, the BNF grammar for pf.conf doesn't cover it either,
and `pfctl -vnf ...` simply shows (lagg0:0).

A+
Dave