At 2006-11-14 13:03:51, Chris Cameron wrote: > I can't (easily) give direct output from things like ifconfig or pf.conf > as they're both huge and contain information I've been told we don't > want to send out. Hopefully this doesn't prevent anyone from helping me > out.
If it's a problem with carp, it's going to be really difficult to resolve without seeing the ifconfig ouptut, but here are some questions that you might want to consider... - Do you have dedicated addresses on the carp parent interfaces? - Are all the carp devices on the master firewall MASTER; what about the backup? - Can you reach the 'dissapearing' network from the backup firewall? - Is preemption enabled? (sysctl net.inet.carp.preempt=1) - What is the output of 'netstat -sp carp' on both the master and backup firewalls? - What about the output of 'netstat -i'? Are there output errors on the offending interface? - Have you tried running with carp debugging turned on? (sysctl net.inet.carp.log=1)
