[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf expiring states way too fast (2 hosts using carp+pfsync)



On Wednesday 10 November 2004 19.46, you wrote:
> On Wed, Nov 10, 2004 at 04:14:59PM +0100, Per-Olov Sj?holm wrote:
> > >> http://marc.theaimsgroup.com/?l=openbsd-pf&m=109351242125764&w=2
> > >>
> > >> This has been fixed in -current, you might want to try that.
> >
> > Is this fixed in 3.6 release ?
>
> Yes.
>
> > Wonder as I have random disconnects when the two firewalls are up at the
> > same time.
>
> Which version are you running?
I use 2 HP intel servers running 3.6 with carp for lan , dmz and external 
interfaces. Plus one dedicated interface for pfsync.
But it seems to be more stable now with my random disconnects ( I changed the 
lan port in the switch and the lan cable on one of the firewalls). But 
strange that the redundant firewalls passed the initial tests and have ran 
perfect for 2 days before it started to do random disconnects.... When it 
started to act strange I did not see any errors with netstat -s. And it 
worked perfect when just one firewall was started???? Didn't matter which 
one.... The random disconnects were related to tcp based session like ssh etc 
through and to the firewall from the lan. But a console login on the firewall 
and an ssh session out on the internet worked.... So I really hope it was the 
lan switch port or the cable...
The reason for asking was that I use adaptive timeouts...
Tnx
/Per-Olov

Attachment: pgp00194.pgp
Description: PGP signature