Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-27 Thread Peter Jeremy
On 2008-Jun-27 22:59:56 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: >Peter Jeremy wrote: >> The kernel should send out gratuitous ARP requests whenever you assign >> an address to an interface. You could confirm that this is happening >> by tcpdumping the interface whilst you add aliases. >>

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-27 Thread Giulio Ferro
Peter Jeremy wrote: On 2008-Jun-26 22:06:11 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: I guess what I could do was to "poison" their arp cache for each address with a "is-at" message. Is there a way to force the sending of these messages for all the addresses of an interface? The k

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-27 Thread Steve Bertrand
Peter Jeremy wrote: On 2008-Jun-26 22:06:11 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: I guess what I could do was to "poison" their arp cache for each address with a "is-at" message. Is there a way to force the sending of these messages for all the addresses of an interface? The kernel sh

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-27 Thread Peter Jeremy
On 2008-Jun-26 22:06:11 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: > I guess what I could do was to "poison" their arp cache for each >address with a "is-at" message. Is there a way to force the sending >of these messages for all the addresses of an interface? The kernel should send out gratui

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-26 Thread Giulio Ferro
Steve Bertrand wrote: Thank you Giulio (is it Gio?) No, it's Giulio (english Julius) :-) For some reason when I plugged in the new firewall, only the base non-aliased address was updated in the ISP switch arp cache (if someone can throw a guess at why, I'm eager to listen). Well, you nee

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-25 Thread Steve Bertrand
Giulio Ferro wrote: I finally got the problem, and it had nothing to do either with vlans or with carp. The firewall I was setting up was meant to replace an existing freebsd firewall which didn't use vlans (it had a lot of nics). The problem was that the network port where our ISP brings the

SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

2008-06-25 Thread Giulio Ferro
I finally got the problem, and it had nothing to do either with vlans or with carp. The firewall I was setting up was meant to replace an existing freebsd firewall which didn't use vlans (it had a lot of nics). The problem was that the network port where our ISP brings the internet connection

Problem clarification (was: Problems with vlan + carp + alias)

2008-06-23 Thread Giulio Ferro
After some more tests I've finally realized that the problem is with vlan and alias. I've taken carp out of the picture. (Please read my previous message on the topic to understand the scenario, I've reported it below) Here is what matters in /etc/rc.conf: -

Re: Problems with vlan + carp + alias

2008-06-22 Thread Giulio Ferro
Primeroz lists wrote: What is tcpdump showing for ping on 192.168.10.11 ? can you see echo reply exiting vlan10 interface ? what if you try from your server to "ping -S 192.168.10.11 192.168.10.254 " ? First of all I'm

Re: Problems with vlan + carp + alias

2008-06-19 Thread Primeroz lists
What is tcpdump showing for ping on 192.168.10.11 ? can you see echo reply exiting vlan10 interface ? what if you try from your server to "ping -S 192.168.10.11 192.168.10.254" ? Hi Primeroz, thanks for your answer. > I set all the carp interfaces, both base and alias, to the > 255.255.255.25

Re: Problems with vlan + carp + alias

2008-06-19 Thread Giulio Ferro
Primeroz lists wrote: Hi , I think you should setup ALL the carp address as alias/32 , like this: ifconfig_carp10="vhid 10 pass qweq 192.168.10.10 netmask 255.255.255.255 " ifconfig_carp10_alias0="192.168.10.11 netmask 255

Re: Problems with vlan + carp + alias

2008-06-19 Thread Primeroz lists
Hi , I think you should setup ALL the carp address as alias/32 , like this: ifconfig_carp10="vhid 10 pass qweq 192.168.10.10 netmask 255.255.255.255 " ifconfig_carp10_alias0="192.168.10.11 netmask 255.255.255.255 " ... ifconfig_carp10_aliasN="192.168.

Re: Problems with vlan + carp + alias

2008-06-19 Thread Giulio Ferro
Han Hwei Woo wrote: Hi Giulio, Since the IP's are on the same subnet, you should try using a netmask of 255.255.255.255 on the aliases. Hi Han, Sorry no, changing the mask to 255.255.255.255 of the aliases doesn't change the situation. Anyway exactly the same configuration works with non-v

Re: Problems with vlan + carp + alias

2008-06-18 Thread Han Hwei Woo
Hi Giulio, Since the IP's are on the same subnet, you should try using a netmask of 255.255.255.255 on the aliases. Cheers, Han Hwei Woo Giulio Ferro wrote: Scenario : freebsd 7.0 stable amd64 (compiled today), bce network interface Simply put, I'm trying to create multiple aliases on th

Problems with vlan + carp + alias

2008-06-18 Thread Giulio Ferro
Scenario : freebsd 7.0 stable amd64 (compiled today), bce network interface Simply put, I'm trying to create multiple aliases on the same carp interface. I did this without vlans (on physical interfaces) and it always worked. Here's what I do: ---rc.conf ... ifconfig_bce0="inet 192.168.1.1 ne