Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSync packets on LAN interface

    HA/CARP/VIPs
    1
    1
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      T-Monster
      last edited by

      Hi All,

      I've recently setup a HA cluster following the 2.1 book, but I'm seeing pfSync traffic on a non-pfSync interface…

      OK, so I've got 2x boxes with pfSense: 2.1-RELEASE (i386) built on Wed Sep 11 18:16:22 EDT 2013 FreeBSD 8.3-RELEASE-p11

      I have a single physical cable connected directly between the boxes for the pfSync traffic, using a dedicated NIC interface.

      If I look at "Status: System logs: Firewall" on the LAN interface I see a LOT of logs from 0.0.0.0 to 224.0.0.240 using PFSYNC protocol. This is approx 1/second.

      WAN interface is fine, no pfSync logs.

      So... as far as I can see, I've got pfSync traffic on my LAN, yet there's no physical connection between the Sync interface and the LAN interface.

      I've taken a packet capture and looked at it in Wireshark, and there's definitely data there.

      I've disabled the sync interfaces on each box and the traffic is still reported on the LAN interface, so it looks like it's definitely coming from the LAN interface, yet, the "System: High Availability Sync" is definitely set to the "SYNC" interface..

      If I make any changes, then the backup box picks it up - so pfSync is actually working... just too well  :)

      Any ideas?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.