Some logs here : Please find the pf rules, bgpd.conf, ifconfig and host configuration on the following link: https://paste.ubuntu.com/p/QRcJR7S42r/
tcpdump on firewall , while trying to connect to IP: https://paste.ubuntu.com/p/YyyXDvt6mc/ I have made following changes : pass out quick on ix2 from $cloud_public_addr to any ### This does not allow traffic outside pass in quick on ix3 from <allowedusers> to $cloud_public_addr ### This works to allow inside Can anyone suggest, whay am I missing here. Thanks for your help. Regards, ~~ Jayachander. On Thu, Feb 6, 2020 at 10:48 AM Jay See <[email protected]> wrote: > Hi, > > We have openBSD based firewall. It used to work fine until I upgraded from > the openBSD6.3 to 6.4. Once I have upgraded the firewall from 6.3 to 6.4, > firewall is not able to route the traffic to server with public IP which is > configured using the "carp". Basically, we are routing from this public IP > to private network behind the firewall. > > Behind the firewall, we have OpenStack deployment with allocation of > public IPs. We are able to access the public IPs allocated for the VMs. > > I am not sure whether it is pf issue or bgp issue (as they changed > announce list or all from openBSD6.4) or some other issue. > > I thought, this might be temporary issue, I have upgraded the firewall to > 6.5 and 6.6 also. Still same issue. Now the firewall is running with > OpenBSD6.6 and all services are running smoothly. > > Our rule set is long and I am not sure, I should share it in the > mailing list or not. As I have any not seen any mails in last 2 days. > Please let me know, where should I look to find the actual problem. > > Regards, > Jayachander. > > -- > P *SAVE PAPER – Please do not print this e-mail unless absolutely > necessary.* > -- P *SAVE PAPER – Please do not print this e-mail unless absolutely necessary.*
