4. My NICs need promiscious mode on to see CARP. How do I set that on permanently?

My NICs need promiscious mode on to see CARP. How do I set that on permanently?

  • W

    After an upgrade to pfSense 2.3.4 CARP went bad. Using Diagnostics > Packet Capture it turns out the second system now can only see the first system's CARP announcements if the Promiscuous Mode box there is checked. How do I get my systems set so that promiscuous mode is on? I don't see an option for that in the Interface config screen. I'm sure there's some CLI FreeBSD way to do that. What would that be, in the pfSense variant, and how would I make sure it sticks between boots?

    Thanks!

    Here's the difference, on identical hardware, between the NIC settings first with pfSense 2.3.3-RELEASE-p1:

    [2.3.3-RELEASE][root@c01-net-fw01.eis.local]/root: ifconfig | grep PROM
    igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    igb2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    pflog0: flags=100 <promisc>metric 0 mtu 33160
    lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    lagg1_vlan19: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

    Then with pfSense 2.3.4:

    [2.3.4-RELEASE][root@c01-net-fw02.eis.local]/etc: ifconfig | grep PROM
    igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    pflog0: flags=100 <promisc>metric 0 mtu 33160
    lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

    The other interfaces are all there in 2.3.4, just without the PROMISC flag set. That's what I need to fix.</up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast>

    0
  • LAYER 8 Global Moderator

    Why should promisc have to be enabled?  Not making any sense.. Is this on some sort of virtual distributed switch?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy