[SOLVED] [2.0-RC3] things I don't get with pfsync
-
Hello all,
First I have to apologize if this has already been discussed. I haven't found an answer to my problem in the forum archive. Although, being very new to pf(sense) I may be wrong ;)
Having tried to test the failover mode (reboot of master) I just faced loss of connectivity between LANs. While trying to troubleshoot I came across things that I really don't get.
pfSense is set up as a failover FW between two LANs. This is really basic: CARP on WAN and LAN interfaces, one master, one slave, VRRP works like a charm, xmlrpc too. The problem is with pfsync: checking with pfctl, the slave state and rules tables are empty. Using tcpdump I can see the master sending pfsync packets, same for the slave getting the pfsync packets. Another detail I do not understand: pf state on slave is reported as "disabled".
I was expecting to see the slave with pf enabled, and to be able to dump the tables being sync'ed with master's ones.
I have tried to change the pfsync setup from multicast to peer mode: no luck. I have checked the pfsync interfaces; they are OK (due to the lack of hardware they share the same NIC as LAN).
So here is my question: what did I do wrong?
If someone could shed some light on this it would be very much appreciated.
Thank you!
PS: sorry for my English ;)
-
So I did a complete reinstall of the slave and things are fine now…
Unfortunately I have no idea about what was wrong, the very same setup works as expected. Maybe some obscure corrupted data somewhere.
-
I had the same type of issue with switching the pfsync setup from multicast to peer mode. I finally gave up on trying to switch them and just used a crossover cable and a dedicated port for syncing. I didn't want additional traffic (multicast sync packets) on my LAN interface.