On 22.03.2011 14:42, Claudio Jeker wrote:
> The lladdr is not wrong. It just happens to be the one for the second
> vhid. Since you do arp balancing the two lladdrs are split among the
> various hosts on the lan. Your carp setup runs with two MACs
> 00:00:5e:00:01:21 for vid 33 and 00:00:5e:00:01:85 for vid 133.
> So the MAC addr your linux box got is not wrong. Does the traffic from
> the linux box end up on the FW or is the traffic lost somewhere in
> between?

Thanks, that helped a lot. I didn't realize that arp balancing with two
vhids necessarily creates two MACs.

Switching between ARP and IP balancing and back again, I'm now back at
ARP balancing. The fw advertises now at 00:00:5e:00:01:85 and reacts to
pings at 192.168.3.1.

Changing the arp table on the linux host to 00:00:5e:00:01:21 with "arp
-s 192.168.3.1 00:00:5e:00:01:21" results in the fw reacting to the
pings correctly, too.

I should have watched the traffic with "tcpdump -e" before, however I
forgot about the usefulness of that switch when watching physical
interfaces. Dumb, but these things happen. Now I see that pings arrive
at the fw and are replied to correctly.

All other traffic through the fw is also routed correctly.

Why it did not work before I cannot say. Something changed, and probably
it was me who did it, but I cannot say what, how and when. Diffing the
pf.conf files before and afterwards showed nothing.

Thanks to all,
Marcus
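
The vhid-to-MAC relationship discussed in this thread, as an added example that is not part of the original messages: each CARP vhid owns the virtual MAC 00:00:5e:00:01:XX with XX the vhid in hex, so a neighbour entry for the shared IP can be checked against the configured vhids. The function names and the `arp -an` lines are constructed for illustration, including the 00:11:22:33:44:55 entry.

```python
import re

# CARP virtual MAC prefix; the last octet is the vhid in hex
# (vhid 33 -> :21, vhid 133 -> :85, as in the thread).
CARP_PREFIX = "00:00:5e:00:01"

def carp_mac(vhid):
    """Return the virtual MAC a CARP group with this vhid answers with."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be 1..255")
    return f"{CARP_PREFIX}:{vhid:02x}"

def normalize_mac(mac):
    """Zero-pad and lowercase a MAC so BSD-style '0:0:5e:0:1:21' compares equal."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def classify(arp_output, vip, vhids):
    """For every neighbour entry of vip, return (mac, matching vhid or None)."""
    expected = {carp_mac(v): v for v in vhids}
    results = []
    for line in arp_output.splitlines():
        m = re.search(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]+)", line)
        if not m or m.group(1) != vip:
            continue  # other host, or an <incomplete> entry
        mac = normalize_mac(m.group(2))
        results.append((mac, expected.get(mac)))
    return results

# Constructed sample: entries as different LAN hosts might hold them.
SAMPLE = """\
? (192.168.3.1) at 00:00:5e:00:01:85 [ether] on eth0
? (192.168.3.1) at 0:0:5e:0:1:21 on em0
? (192.168.3.7) at 00:16:3e:aa:bb:cc [ether] on eth0
? (192.168.3.1) at <incomplete> on eth1
? (192.168.3.1) at 00:11:22:33:44:55 [ether] on eth0
"""

if __name__ == "__main__":
    for mac, vhid in classify(SAMPLE, "192.168.3.1", [33, 133]):
        verdict = f"CARP vhid {vhid}" if vhid else "NOT a configured CARP MAC"
        print(f"192.168.3.1 -> {mac}: {verdict}")
```

With ARP balancing, both vhid MACs are legitimate answers for the shared address; only an entry that matches neither vhid deserves a closer look with "tcpdump -e".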