Can you please try this change: diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 0a8316b..7bece74 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -66,7 +66,7 @@ function backup_vip_config_section() { } if($section['advbase'] <> "") { $section_val = intval($section['advbase']); - $section_val=$section_val+1; + $section_val=$section_val; if($section_val > 255) $section_val = 255; $section['advbase'] = $section_val;
I would like to see even some statistics of your interfaces. On Fri, Dec 10, 2010 at 7:38 PM, <st41...@st41ker.net> wrote: > Hello, > > It seems like this question should be addressed to the pfSense kernel > maintainer(s). > > I've two firewalls on 2.0-BETA4 with CARP enabled. Until the recent upgrade > everything worked almost perfect. > Now both routers got all CARP devices in MASTER state. > > Firewall 1: > vip6: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.199.1 netmask 0xffffff00 > carp: MASTER vhid 6 advbase 2 advskew 100 > vip10: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.0.51 netmask 0xffffff00 > carp: MASTER vhid 10 advbase 2 advskew 100 > vip12: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.253.252 netmask 0xffffff00 > carp: MASTER vhid 12 advbase 2 advskew 100 > > #netstat -ssp carp > carp: > 92555 packets received (IPv4) > 14 discarded for bad authentication > 92222 discarded for bad vhid > 39869 packets sent (IPv4) > > Firewall 2: > vip6: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.199.1 netmask 0xffffff00 > carp: MASTER vhid 6 advbase 1 advskew 0 > vip10: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.0.51 netmask 0xffffff00 > carp: MASTER vhid 10 advbase 1 advskew 0 > vip12: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.253.252 netmask 0xffffff00 > carp: MASTER vhid 12 advbase 1 advskew 0 > > #netstat -ssp carp > carp: > 39184 packets received (IPv4) > 1 discarded for bad authentication > 39074 discarded for bad vhid > 93005 packets sent (IPv4) > > Here is a packet dump: > > #tcpdump -nvei re0_vlan5 not tcp and not udp > tcpdump: listening on re0_vlan5, link-type EN10MB (Ethernet), capture size > 96 bytes > 20:28:26.227652 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 13532, offset 0, flags [DF], > proto VRRP (112), length 56, bad cksum 0 (->a57a)!) > 192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, > authtype #128, intvl 1s, length 36, addrs(7): > 227.234.177.249,120.162.118.75,40.102.130.17,242.232.0.66,58.203.185.41,64.96.187.4,114.121.226.49 > 20:28:26.723778 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 13772, offset 0, flags [DF], > proto VRRP (112), length 56) > 192.168.0.53 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, > authtype #128, intvl 2s, length 36, addrs(7): > 227.234.177.249,120.162.117.92,228.194.169.203,197.128.149.181,204.97.168.247,234.48.188.234,14.68.23.250 > 20:28:27.223192 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 57411, offset 0, flags [DF], > proto VRRP (112), length 56, bad cksum 0 (->fa12)!) > 192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, > authtype #128, intvl 1s, length 36, addrs(7): > 227.234.177.249,120.162.118.76,5.159.71.110,98.90.217.70,117.200.253.191,117.207.179.185,132.131.241.197 > 20:28:28.218741 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 26425, offset 0, flags [DF], > proto VRRP (112), length 56, bad cksum 0 (->731d)!) > 192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, > authtype #128, intvl 1s, length 36, addrs(7): > 227.234.177.249,120.162.118.77,156.42.80.119,212.10.43.254,52.127.252.175,13.193.236.116,250.186.146.126 > 20:28:29.115843 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 17830, offset 0, flags [DF], > proto VRRP (112), length 56) > 192.168.0.53 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, > authtype #128, intvl 2s, length 36, addrs(7): > 227.234.177.249,120.162.117.93,134.208.204.108,14.90.209.13,71.169.61.99,222.84.234.186,206.168.118.252 > 20:28:29.214280 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4 > (0x0800), length 70: (tos 0x10, ttl 255, id 20580, offset 0, flags [DF], > proto VRRP (112), length 56, bad cksum 0 (->89f2)!) > 192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, > authtype #128, intvl 1s, length 36, addrs(7): > 227.234.177.249,120.162.118.78,152.171.173.48,92.93.224.15,236.101.105.252,83.24.68.20,227.104.66.63 > > > Overall picture is the same as it was before the upgrade, except that each > machine now ignores the carp packets. > Did someone make changes in FreeBSD carp subsystem? > > -- > Thanks, > St41ker. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Ermal --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org