Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    My NICs need promiscious mode on to see CARP. How do I set that on permanently?

    HA/CARP/VIPs
    2
    2
    886
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      whitwye
      last edited by

      After an upgrade to pfSense 2.3.4 CARP went bad. Using Diagnostics > Packet Capture it turns out the second system now can only see the first system's CARP announcements if the Promiscuous Mode box there is checked. How do I get my systems set so that promiscuous mode is on? I don't see an option for that in the Interface config screen. I'm sure there's some CLI FreeBSD way to do that. What would that be, in the pfSense variant, and how would I make sure it sticks between boots?

      Thanks!

      Here's the difference, on identical hardware, between the NIC settings first with pfSense 2.3.3-RELEASE-p1:

      [2.3.3-RELEASE][root@c01-net-fw01.eis.local]/root: ifconfig | grep PROM
      igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      igb2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      pflog0: flags=100 <promisc>metric 0 mtu 33160
      lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      lagg1_vlan19: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

      Then with pfSense 2.3.4:

      [2.3.4-RELEASE][root@c01-net-fw02.eis.local]/etc: ifconfig | grep PROM
      igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      bge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
      pflog0: flags=100 <promisc>metric 0 mtu 33160
      lagg1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500

      The other interfaces are all there in 2.3.4, just without the PROMISC flag set. That's what I need to fix.</up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></promisc></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast></up,broadcast,running,promisc,simplex,multicast>

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Why should promisc have to be enabled?  Not making any sense.. Is this on some sort of virtual distributed switch?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.