
Re: pfsync is killing my two machines



I now had an idea of what could cause this behaviour...

Firewall A has the address 172.16.0.254 on its internal interface.
Firewall B has the address 172.16.0.253 on its internal interface.
Both firewalls have the address 172.16.0.2 on the internal carp interface.
pfsync is syncing the states between both.

What would happen if I connect directly to firewall A on 172.16.0.254 ->
pfsync will sync the newly created state to firewall B -> firewall B has
no idea what to do with this state, simply because it doesn't have the
172.16.0.254 IP address -> the same also happens when I connect directly
to firewall B.

Could it be that this is causing the death of the machines?

best regards
Wolfgang

On Tue, 18.05.2004 at 14:39, Wolfgang Pichler wrote:
> hi all,
> 
> I have pfsync running on two Soekris net4801 machines on the sis2
> interface over a cross link cable. If both machines are running and have
> sis2 and pfsync0 up, then after a while the system load will increase
> until both machines get a kernel panic (I can stop it by
> simply detaching the cross link cable, but I can't work on the console
> because both machines become unresponsive).
> 
> On sis2 there is nothing else running
> 
> Here is my interface config on machine A:
> sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:00:24:c1:c7:92
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.254.254 netmask 0xffffff00 broadcast 192.168.254.255
> pfsync0: flags=0<> mtu 1348
>         pfsync: syncif: sis2 maxupd: 128
> 
> Here for machine B:
> sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:00:24:c1:c7:4a
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.254.253 netmask 0xffffff00 broadcast 192.168.254.255
> pfsync0: flags=0<> mtu 1348
>         pfsync: syncif: sis2 maxupd: 128
> 
> And here is my line in pf.conf for passing the pfsync traffic:
> pass quick on { sis2 } proto pfsync
> 
> How can I debug this problem? Is it already known? Does a solution
> already exist? Do you need more information?
> 
> David Krause also pointed out that he is having problems related to
> pfsync.
> 
> best regards
> Wolfgang