CARP interface getting filtered when first box goes down.

  • Sorry for the board spam, I had a list of things I meant to get posted here.

    I have a system where I have 3 CARP VIPs, WAN, LAN, and OPT1, with matching CARP0, CARP1, and CARP2.

    I send the first box down for a reboot with a running ping to a system behind the firewalls.  As soon as CARP kicks in, traffic gets blocked, and I see this in the logs:

    Jun 28 20:08:41  CARP2  ICMP
    Jun 28 20:08:42 CARP2 ICMP
    Jun 28 20:08:43 CARP2 ICMP
    Jun 28 20:08:44 CARP2 ICMP
    Jun 28 20:08:45 CARP2 ICMP

    Uh... interface CARP2 is filtering traffic, which is really OPT1, and OPT1 has an allow any any rule on it.  ????

    Thoughts?  As soon as the first box returns, traffic gets passed again.

  • Make sure there is no rules mismatch between the 2 systems. Also clicking the small icon in front of the syslog line will tell you which rule caused the block.
