Odd VRRP messages in system log (RC1, AMD64)



  • We're seeing some odd messages in the system log/firewall tab on 2.0 RC1 AMD64.  I don't think they are serious, but with ~10 per second it causes a lot of info in the logs.

    Feb 28 11:09:55 WAN   74.xxx.xxx.xxx   224.0.0.18: VRRPv2, Advertisement, vrid 201, prio 0, authtype none, intvl 1s, length 36, addrs(7) VRRP

    Feb 28 11:09:55 WAN   74.xxx.xxx.xxx   224.0.0.18: VRRPv2, Advertisement, vrid 201, prio 0, authtype none, intvl 1s, length 36, addrs(7) VRRP

    I've tried setting up a rule to pass these without logging to get them off the logging page, but that doesn't seem to work.  Also disabled bogons, as the 224.x address falls in one of the bogon ranges.

    Any suggestions?

    thanks a bunch.

    John

    PS: We did see this in BETA5 as well so please don't assume it's a regression with RC!!!!!!!


  • Rebel Alliance Developer Netgate

    That's just CARP traffic.

    You can block and not log it on the WAN firewall rules by picking "carp" as the protocol. (block carp from * to *)

    Unless you are using CARP, that should be safe.



  • Hi,

    thanks for taking the time to reply.

    I actually have a rule on the WAN just like you suggest block carp * to * nolog and I am still getting the logs.  That is why I am questioning the behavior as I know under 1.2.3 I had similar and was able to set a rule to do this very same thing.

    thanks.

    John

    @jimp:

    That's just CARP traffic.

    You can block and not log it on the WAN firewall rules by picking "carp" as the protocol. (block carp from * to *)

    Unless you are using CARP, that should be safe.


  • Rebel Alliance Developer Netgate

    Click the 'x' in front of the log entry to see what rule it's hitting then



  • @13 block drop in log quick proto carp from (self:10) to any



  • should only see that if multicast traffic is getting looped back to you. Are you using CARP IPs? Are you running in VMware by chance?



    Yes, CARP VIP for FTP and also on VMware for testing 2.0.

    john

    @cmb:

    should only see that if multicast traffic is getting looped back to you. Are you using CARP IPs? Are you running in VMware by chance?
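
An added example, not part of any post in this thread: a small Python parser for the log-line layout quoted in the first post. It counts advertisements per interface, source and vrid, and marks those whose source is one of the firewall's own addresses, which is the looped-back case that the `from (self:10)` rule in the thread matches. The addresses and sample lines are constructed, and `summarize` and `own_addrs` are hypothetical names.

```python
import re
from collections import Counter

# Layout of the firewall-log lines quoted in the first post:
# "<date> <iface> <src> <dst>: VRRPv2, Advertisement, vrid N, prio N, ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<iface>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<dst>[^\s:]+):\s+VRRPv2, Advertisement, "
    r"vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)
CARP_GROUP = "224.0.0.18"  # multicast group used by both VRRP and CARP

def summarize(lines, own_addrs):
    """Count advertisements per (iface, src, vrid).

    own_addrs: the firewall's own interface/VIP addresses (assumption: supplied
    by the operator). A source in this set means the box is seeing its own
    multicast come back in, e.g. via a virtual switch.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != CARP_GROUP:
            continue  # not a CARP/VRRP advertisement line
        counts[(m["iface"], m["src"], int(m["vrid"]))] += 1
    return [
        {"iface": i, "src": s, "vrid": v, "count": n,
         "looped_back": s in own_addrs}
        for (i, s, v), n in sorted(counts.items())
    ]

# Constructed sample input (documentation-range addresses, not from the thread).
TAIL = "authtype none, intvl 1s, length 36, addrs(7) VRRP"
SAMPLE = [
    f"Feb 28 11:09:55 WAN   192.0.2.10   224.0.0.18: VRRPv2, Advertisement, vrid 201, prio 0, {TAIL}",
    f"Feb 28 11:09:55 WAN   192.0.2.10   224.0.0.18: VRRPv2, Advertisement, vrid 201, prio 0, {TAIL}",
    f"Feb 28 11:09:56 WAN   192.0.2.20   224.0.0.18: VRRPv2, Advertisement, vrid 5, prio 100, {TAIL}",
    "Feb 28 11:09:56 WAN   192.0.2.30:4711   192.0.2.10:22: TCP:S",
]
OWN = {"192.0.2.10"}  # constructed: this firewall's WAN address

if __name__ == "__main__":
    for row in summarize(SAMPLE, OWN):
        print(row)
```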

