Re: NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface

2017-09-15 Thread Dave Cottlehuber
On Thu, 14 Sep 2017, at 23:32, Kristof Provost wrote:
> On 14 Sep 2017, at 16:21, Dave Cottlehuber wrote:
> > Outgoing traffic (from a jail) via PF NAT over a LAGG/LACP sometimes
> > has the *backup* CARP IP address assigned to it.
> >
> I think this is your problem. You’re telling pf to nat to th

Re: NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface

2017-09-15 Thread Kristof Provost
On 15 Sep 2017, at 11:31, Dave Cottlehuber wrote: Can you explain what $if:0 resolves to, for example how does it relate to the primary ipv4/6 addresses bound to that interface? I couldn't find a reference in the usual ifconfig manpages about this (ifname:#) format, the BNF grammar for pf.co

Re: NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface

2017-09-14 Thread Kristof Provost
On 14 Sep 2017, at 16:21, Dave Cottlehuber wrote: Outgoing traffic (from a jail) via PF NAT over a LAGG/LACP sometimes has the *backup* CARP IP address assigned to it. ### running configs ## pfctl indeed shows it's a round-robin

NATted outbound traffic sometimes uses backup CARP IP on LACP/LAGG interface

2017-09-14 Thread Dave Cottlehuber
Hi, Outgoing traffic (from a jail) via PF NAT over a LAGG/LACP sometimes has the *backup* CARP IP address assigned to it. Obviously, as this IP is only active on the "other" server, the return TCP connection traffic never actually gets back to our CARP master, and the other server sees spurious TC