Hi Henning, thanks, that fixed that issue.
However, I don't think that the routes/networks are messed up:

inet 10.10.0.3 netmask 0xffffff00 broadcast 10.10.0.255 (this is backend server VLAN)
inet 10.20.30.11 netmask 0xffffff00 broadcast 10.20.30.255 (this is for pfsync)
inet xx.yyy.254.231 netmask 0xffffffc0 broadcast xx.yyy.254.255 (this is management network [snmp etc., also ntp])
inet xx.yyy.253.231 netmask 0xfffffff0 broadcast xx.yyy.253.239 (this is public IP/upstream)
inet xx.yyy.253.225 netmask 0xff000000 broadcast 255.255.255.255 (this is carp IP in upstream VLAN, AFTER your hint)

Anyways, now it works. Thanks!

Joe

On Thu, Aug 13, 2009 at 4:07 PM, Henning Brauer <lists-open...@bsws.de> wrote:

> * Nice Daemon <nicedae...@googlemail.com> [2009-08-13 16:04]:
> > Hi list,
> >
> > getting nearer to the point of deployment of a really nice relayd/pf/pfsync
> > setup I came across an issue.
> >
> > I'd like to run ntpd to synchronize against ntp servers that are in our
> > network.
> >
> > However, it only works on the machine with *active* carp interface(s).
> >
> > On the machine with carp interface(s) in backup state following happens
> > (found using tcpdump):
> >
> > ntpd sends out packets to the ntp server on the (backup!) carp interface and
> > thus the reply of the ntp server goes to an IP address that's not in use on
> > the questioning machine.
>
> that really sounds like your routes are messed up. assuming 10/24, you
> should have sth like
> 10.0.0.1/24 on node1 phys
> 10.0.0.2/24 on node2 phys
> 10.0.0.3/32 on carp
> note the netmask. you want a /32 on the carp if, always except when
> the phys interfaces do not have an IP from the subnet in question.
>
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
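
Added example, not part of the original thread: a Python check for the netmask rule quoted above (a carp address should be /32 whenever a physical interface already holds an address in the same subnet). The ifconfig-style sample text, interface names and addresses are constructed, and treating every interface whose name does not start with "carp" as physical is an assumption.

```python
import ipaddress
import re

# Constructed sample in the style of OpenBSD ifconfig output (not from the thread).
SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 198.51.100.5 netmask 0xffffff00 broadcast 198.51.100.255
"""

IF_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask 0x([0-9a-fA-F]{8})")

def parse_ifconfig(text):
    """Return [(ifname, IPv4Interface)] for every inet line."""
    addrs, ifname = [], None
    for line in text.splitlines():
        m = IF_RE.match(line)
        if m:
            ifname = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and ifname:
            # Hex netmask -> prefix length (assumes a contiguous mask).
            prefix = bin(int(m.group(2), 16)).count("1")
            addrs.append((ifname, ipaddress.ip_interface(f"{m.group(1)}/{prefix}")))
    return addrs

def check_carp_masks(text):
    """Flag carp addresses that are not /32 although a non-carp interface
    already has an address in the subnet containing the carp IP."""
    addrs = parse_ifconfig(text)
    phys = [(n, a) for n, a in addrs if not n.startswith("carp")]
    findings = []
    for name, addr in addrs:
        if not name.startswith("carp"):
            continue
        covering = [n for n, a in phys if addr.ip in a.network]
        if covering and addr.network.prefixlen != 32:
            findings.append((name, str(addr), covering[0]))
    return findings
```

On the constructed sample, carp0 is flagged because em0 already covers 10.0.0.0/24, while carp1 is left alone because no physical interface has an address in its subnet (the exception named in the reply).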