Dag Richards wrote:
Your understanding of preempt seems correct.
I had a similar issue on a pair of 4.1 FW's.
A careful examination revealed that one of the carp ifaces on one system
had ip addrs that were missing on the other.
Carefully compare ifconfig -aA on each machine to each other.
I now slavishly also ensure that the addrs occur in the same order ... I
am sure that has no effect, but there it is.
Are you allowing the carp traffic in and out?
Does a tcpdump show the expected traffic?
I have checked all those things... ifconfig output (in relation to carp)
is identical with the obvious exceptions of BACKUP/MASTER and advskew.
One of the first lines in my pf.conf is always pass in quick on foo
proto carp keep state... and a look at pflog shows nothing in the carp
department is being blocked.
It does not happen all the time, just seems to happen when I put some
network load on the secondary firewall.
I will investigate what Stuart Henderson mentioned.
Cheers,
Josh
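
Added example, not part of either message above: one way to script the `ifconfig -aA` comparison suggested in the thread, reporting only carp settings that should be identical on both peers. The function names and the sample output are constructed for illustration; on real systems save `ifconfig -aA` from each firewall to a file and pass the two files to `carp_diff`.

```sh
#!/bin/sh
# Reduce `ifconfig -aA` output (stdin) to the carp settings both peers must
# share: vhid, advbase and every address on each carp interface.
# MASTER/BACKUP state and advskew are dropped because they differ by design;
# sorting makes the comparison independent of address order.
carp_norm() {
    awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname); next }
        ifname !~ /^carp/ { next }
        $1 == "carp:" {
            for (i = 2; i < NF; i++)
                if ($i == "vhid" || $i == "advbase") print ifname, $i, $(i + 1)
        }
        $1 == "inet" || $1 == "inet6" { print ifname, $1, $2, $3, $4 }
    ' | sort
}

# Compare two saved outputs. Prints the differing settings; returns 0 when
# the carp configuration matches and 1 when it does not.
carp_diff() {
    tmp_a=$(mktemp) tmp_b=$(mktemp) rc=0
    carp_norm < "$1" > "$tmp_a"
    carp_norm < "$2" > "$tmp_b"
    diff "$tmp_a" "$tmp_b" || rc=$?
    rm -f "$tmp_a" "$tmp_b"
    return "$rc"
}

# Constructed sample output (documentation addresses), not from the thread.
sample_fw1() { cat <<'EOF'
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}
sample_fw2() { cat <<'EOF'
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}

f1=$(mktemp); f2=$(mktemp)
sample_fw1 > "$f1"; sample_fw2 > "$f2"
carp_diff "$f1" "$f2" || echo "carp configuration differs between peers"
rm -f "$f1" "$f2"
```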