4. My NICs need promiscious mode on to see CARP. How do I set that on permanently?

My NICs need promiscious mode on to see CARP. How do I set that on permanently?

  • W

    After an upgrade to pfSense 2.3.4 CARP went bad. Using Diagnostics > Packet Capture it turns out the second system now can only see the first system's CARP announcements if the Promiscuous Mode box there is checked. How do I get my systems set so that promiscuous mode is on? I don't see an option for that in the Interface config screen. I'm sure there's some CLI FreeBSD way to do that. What would that be, in the pfSense variant, and how would I make sure it sticks between boots?

    Thanks!

    Here's the difference, on identical hardware, between the NIC settings first with pfSense 2.3.3-RELEASE-p1:

    [2.3.3-RELEASE][root@c01-net-fw01.eis.local]/root: ifconfig | grep PROM
    igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    igb2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    pflog0: flags=100 <promisc>metric 0 mtu 33160
    lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    lagg1_vlan19: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

    Then with pfSense 2.3.4:

    [2.3.4-RELEASE][root@c01-net-fw02.eis.local]/etc: ifconfig | grep PROM
    igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
    pflog0: flags=100 <promisc>metric 0 mtu 33160
    lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

    The other interfaces are all there in 2.3.4, just without the PROMISC flag set. That's what I need to fix.</up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast>

    0
  • LAYER 8 Global Moderator

    Why should promisc have to be enabled?  Not making any sense.. Is this on some sort of virtual distributed switch?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy