PFSync Not Working Correctly
Kian Mohageri
kian.mohageri at gmail.com
Tue Feb 6 22:18:49 UTC 2007
On 2/6/07, Michael K. Smith - Adhost <mksmith at adhost.com> wrote:
>
> Hello All:
>
> I have two 6.2 RELEASE servers working in failover mode as PF Load
> Balancers. When the MASTER box is failed (through reboot or interface
> shutdown, etc.) the BACKUP box becomes MASTER as expected, but
> connections that existed through the MASTER before the failover do not
> transfer as expected to the new MASTER. New connections work
> immediately.
>
> When I issue a 'pfctl -vvss' the established connection shows up
> correctly in the state tables on both machines, so I would expect the
> established connection to work immediately upon failover.
>
> If anyone has any insights I'd be grateful. I can also post any
> relevant output or config snippets if someone thinks they would help.

Increase pf verbosity, and also tcpdump -i pflog0 (you do block log, right?)
on your new MASTER when connections are failing. That will tell you if
there is a state mismatch going on when connections fail over. You first
want to make sure the mid-connection packets are even reaching the new
master.
--
Kian Mohageri
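
An added example, not part of the original message: a small sh helper that compares `pfctl -vvss` dumps saved on both firewalls and lists states the BACKUP never received over pfsync. The function name, file names and sample dumps are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list states in the MASTER's `pfctl -vvss` dump that are
# missing from the BACKUP's dump. Relies only on two features of that output:
# a state starts on an unindented line, and its indented
# "id: <id> creatorid: <creatorid>" line identifies it on both peers.

# usage: missing_on_backup MASTER_DUMP BACKUP_DUMP
missing_on_backup() {
    awk -v backup="$2" '
        /^[^ \t]/ { summary = $0 }          # first line of a state entry
        /^[ \t]+id: / {
            key = $2 "/" $4                 # state id / creator id
            if (FILENAME == backup) known[key] = 1
            else if (!(key in known)) print summary
        }
    ' "$2" "$1"
}

# Constructed sample dumps, trimmed to the lines the parser reads
# (documentation addresses, made-up ids).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/master.txt" <<'EOF'
self tcp 192.0.2.10:80 <- 198.51.100.7:51512 ESTABLISHED:ESTABLISHED
   id: 45c8f2a100000a1b creatorid: 8f3c2d1e
self tcp 192.0.2.10:80 <- 198.51.100.9:40022 ESTABLISHED:ESTABLISHED
   id: 45c8f2a100000a1c creatorid: 8f3c2d1e
EOF
    cat > "$dir/backup.txt" <<'EOF'
self tcp 192.0.2.10:80 <- 198.51.100.7:51512 ESTABLISHED:ESTABLISHED
   id: 45c8f2a100000a1b creatorid: 8f3c2d1e
EOF
    missing_on_backup "$dir/master.txt" "$dir/backup.txt"
    rm -rf "$dir"
}

demo
```

An empty result means every state id on the MASTER is also present on the BACKUP, so the next thing to check is whether the mid-connection packets reach the new MASTER at all.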