On 2006/03/10 17:23, Bryan Irvine wrote:
> So what we have are some servers on LAN1 with a default gateway of the
> carp IP on the firewalls. Somebody located on either LAN2 or LAN3
> telnets to one of those servers, gets connected and goes on about their
> daily business.
>
> Sometime later their connection drops.
>
> It happened after we installed the carp firewalls, and seems to be
> related to ICMP-Redirect coming from the real IP, as opposed to the
> carp one the request went to.

good description, thanks. turning off redirects (sysctl -w net.inet.ip.redirect=0) would let you verify this hypothesis, and if it's valid and the traffic to the LANs isn't too heavy, could give you a work-around too. if not, maybe a packet trace from one of the LAN2 or LAN3 hosts might shed light.