Thank you,
This (having unique VHID) was the solution.
I had considered originally that since each carp device is on its own VLAN,
that would represent a unique broadcast domain and it wouldn't be violating
anything - but without your suggestion I'm not sure I would have gone back
to review that
All your carp devices have the same VHID. As two share the same network,
that could cause problems.
On 08/23/2016 01:40 PM, Andrew Seguin wrote:
> Hi,
>
> I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
> but have been blocked by a behavior of carp in combination with
Hi,
I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
but have been blocked by a behavior of carp in combination with VLANs that
I didn't expect or experience before. I'm hoping somebody could enlighten
me a little bit about why carp floating IPs stop working when the carp
On Fri, Oct 13, 2006 at 11:18:31AM -0700, Kian Mohageri wrote:
Where is your DHCP server? Where is the DHCPOFFER being lost? Have you
sniffed on interface between the firewalls and DHCP server? The client and
firewalls?
I will have to follow up on this after I get some other things figured
On Fri, Oct 13, 2006 at 07:21:35PM +0200, ropers wrote:
clueless conjecture:
what's arp -a say? on either machine?
where is your DHCP server running?
on one of your two OpenBSD fw's? On one of the vlans?
if I don't reply again, that'll mean I'm bamboozled and/or out of ideas
I'm going to
I am having some serious difficulty with dhcp, carp, and vlans. I have
two OpenBSD/i386 3.9-stable firewalls running GENERIC. I am using them
to replace a failing Cisco Catalyst 3550 switch that was doing the VLAN
routing. The boxes are working great as far as the VLAN routing goes but
DHCP
On 13/10/06, Bryan Vyhmeister [EMAIL PROTECTED] wrote:
I am having some serious difficulty with dhcp, carp, and vlans. I have
two OpenBSD/i386 3.9-stable firewalls running GENERIC. I am using them
to replace a failing Cisco Catalyst 3550 switch that was doing the VLAN
routing. The boxes
On Fri, Oct 13, 2006 at 12:17:41PM +0200, ropers wrote:
This may be a red herring, but are you running pf(4) on these OpenBSD
firewalls? If so, are you letting DHCPDISCOVER messages through? I
made such a mistake some time ago: In my case there was a Windows DHCP
server on one side and its
I am about to pull my hair out. This just does not make sense. In
searching the archives for anything that could be related I found a post
that stated that running the vlan(4) with the correct netmask and the
carp(4) interface with /32 caused dhcp to work fine for them. I have
done that and it
On 10/12/06, Bryan Vyhmeister [EMAIL PROTECTED] wrote:
This would send the DHCP requests to whatever server they needed to go
to. I have been trying to use dhcrelay on the firewalls for this purpose
with dismal results. If a DHCPREQUEST for ip comes in, all is well,
but if a DHCPDISCOVER
: problems with carp and vlans
Datum: Thu, 20 Apr 2006 18:07:40 +0200
On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
On Thu, 20 Apr 2006, Lars Weste wrote:
Hi,
yes, i am running 3.8 -stable, and the backup has a higher advbase
than
err, for preemption to work
Try a 3.9 kernel and 3.9 ifconfig binary and see what happens
i'm using 3.9-current from the snapshots right now to great effect
Lars Weste [EMAIL PROTECTED] wrote:
Hi,
I have some problems with carp and vlans, at least I think so.
I found this:
http://archives.neohapsis.com
. /etc/netstart does start physical interfaces, then vlans and
finally carp. From memory:
hostname.em0
up
hostname.em2
inet 10.0.0.1 255.255.255.0 NONE
hostname.vlan100
vlan 100 vlandev em0 up
hostname.carp100
vhid 100 carpdev vlan100
inet 192.168.1.254 255.255.255.0 NONE
hostname.carp204
vhid
interfaces, then vlans and
finally carp. From memory:
hostname.em0
up
hostname.em2
inet 10.0.0.1 255.255.255.0 NONE
hostname.vlan100
vlan 100 vlandev em0 up
hostname.carp100
vhid 100 carpdev vlan100
inet 192.168.1.254 255.255.255.0 NONE
hostname.carp204
vhid 204 carpdev em2
inet
Hi,
with scrub in all set at the firewall, will openbsd handle icmp
packets
of type unreach code needfrag automatically, because of the
statefulness?
as far as i know, icmp packtes like port/host/network unreachable are
allowed by the keep state statements, does this also apply for the
with carp and vlans
Datum: Thu, 20 Apr 2006 15:01:30 +0200
Hi,
did you remember to configure the backup machine
with a higher advskew / advbase?
Are you running -stable?
I'm not aware of any other problems in 3.8 that might cause this.
On Wed, Apr 19, 2006 at 08:59:01AM +0200, Lars
, that will do the trick.
lars
--- Urspr|ngliche Nachricht ---
Von: Marco Pfatschbacher [EMAIL PROTECTED]
An: Lars Weste [EMAIL PROTECTED]
Kopie: misc@openbsd.org
Betreff: Re: problems with carp and vlans
Datum: Thu, 20 Apr 2006 15:01:30 +0200
Hi,
did you remember to configure
On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
On Thu, 20 Apr 2006, Lars Weste wrote:
Hi,
yes, i am running 3.8 -stable, and the backup has a higher advbase than
err, for preemption to work, the advskew should be higher on the backup.
At least, that is what carp(4)
Hi,
I have some problems with carp and vlans, at least I think so.
I found this:
http://archives.neohapsis.com/archives/openbsd/cvs/2005-04/0996.html
so my assumption may be wrong, as I use openbsd 3.8.
I have four physical
interfaces in my two firewalls, one for pfsync, one to the Internet
19 matches
Mail list logo