Hi,
I see deny messages for pfsync from the WAN address in the firewall log, even though pfsync is configured with IP addresses and not multicast (on both sides).
Regards,
atom
I'm using a dedicated interface for pfsync:
ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
	pfsync: syncdev: ix2 syncpeer: 10.0.0.0.1 maxupd: 128 defer: off
	groups: pfsync

ifconfig ix2
ix2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8538b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
	ether ac:1f:6b:b5:fe:a6
	inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::ae1f:6bff:feb5:fea6%ix2 prefixlen 64 scopeid 0x3
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

tcpdump -ni ix0 proto pfsync:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ix0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:03:40.792965 IP xxx.xxx.xxx.xxx > 224.0.0.240: PFSYNCv5 len 1278
	insert count 3
	update compressed count 5
	delete compressed count 8
	eof count 1
13:03:40.871131 IP xxx.xxx.xxx.xxx > 224.0.0.240: PFSYNCv5 len 1326
	insert count 5
	update compressed count 1
	eof count 1