Netgate Discussion Forum

    CARP interface getting filtered when first box goes down.

      Numbski

      Sorry for the board spam, I had a list of things I meant to get posted here.

      I have a system where I have 3 CARP VIPs, WAN, LAN, and OPT1, with matching CARP0, CARP1, and CARP2.

      I send the first box down for a reboot with a running ping to a system behind the firewalls.  As soon as CARP kicks in, traffic gets blocked, and I see this in the logs:

      Jun 28 20:08:41  CARP2  208.231.66.99  206.80.89.194  ICMP
      Jun 28 20:08:42 CARP2 208.231.66.99 206.80.89.194 ICMP
      Jun 28 20:08:43 CARP2 208.231.66.99 206.80.89.194 ICMP
      Jun 28 20:08:44 CARP2 208.231.66.99 206.80.89.194 ICMP
      Jun 28 20:08:45 CARP2 208.231.66.99 206.80.89.194 ICMP

      Uh... interface CARP2 is filtering traffic, which is really OPT1, and OPT1 has an allow any any rule on it.  ????

      Thoughts?  As soon as the first box returns, traffic gets passed again.

        hoba

        Make sure there is no rules mismatch between the 2 systems. Also, clicking the small icon in front of the syslog line will tell you which rule caused the block.
