On Tue, 2 Oct 2007, Falk Brockerhoff wrote: > I'm using pf and ftp-proxy on an OpenBSD 4.2 GENERIC#374 i386 box. Most > the time everything works fine, but sometimes ftp-proxy reports a "no > route to host" in /var/log/messages. I can reproduce this behaviour, but > I'm able to ping the target ftp host on the cli at the same time > ftp-proxy reports the missing route. > > The target is reachable via a carp-interface on a dot1q tagged vlan > interface. > > Are there any known issues? Is there anything I can do to provide more > details?
What does the logging say exactly? How do you reproduce it? I'd guess that pf is blocking the control (port 21) connection for some reason. Do you have limits on states, either globally or per rule? The carp interface is master the whole time? -- Cam
