Does the Slave node do dhcp requests on the internet interface?

This should not happen.

I learn "all interfaces -except HA link- are completely inactive".

why you think the traffic is from slave?

how is your design?

which MAC do you see ... (one of the physical MAC's from UTM or the virtual MAC)?

> why you think the traffic is from slave?

I've logged in on the slave node via SSH and looked into the logfiles. 

selfmonng showed me the restart of the WebAdmin webserver. And in syslog.log I've found an entry at the same time that the dhcp client is getting a new ip address on this interface (renewal).

On the slave node a dhcp-client process is running, although the interface is marked as down in 'ip l'.

do you use "ha_utils ssh" to ssh into slave?

some logfiles are synced between nodes. so the dhcp message may be from master...

nearly all services are active at slave too, so failover need less time.

Hi, Marc, and welcome to the UTM Community!

If you are in Active-Active using a license that allows two active nodes, then you cannot disable the Slave from serving DHCP.  If you have a home-use license and are in Active-Passive (Hot-Standby), you're likely just seeing a line from when the unit currently the Slave was the Master.

Cheers - Bob

Hi, Marc, and welcome to the UTM Community!

If you are in Active-Active using a license that allows two active nodes, then you cannot disable the Slave from serving DHCP.  If you have a home-use license and are in Active-Passive (Hot-Standby), you're likely just seeing a line from when the unit currently the Slave was the Master.

Cheers - Bob

Hi,

that's a active/passive HA. 

I've logged into the slave with ssh. Not ha_utils ssh (where's the difference?)

The log selfmon.log:

2017:03:27-11:04:03 webmail-2 selfmonng[4401]: [INFO-189] Web Application Firewall not running - restarted

the log system.log:

2017:03:27-11:03:19 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 6
2017:03:27-11:03:25 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 13
2017:03:27-11:03:38 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 2
2017:03:27-11:03:40 webmail-2 dhclient: No DHCPOFFERS received.
2017:03:27-11:03:40 webmail-2 dhclient: No working leases in persistent database - sleeping.
2017:03:27-11:03:45 webmail-1 dns-resolver[8716]: Updating REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:03:27-11:04:17 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 4
2017:03:27-11:04:21 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 4
2017:03:27-11:04:25 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 11
2017:03:27-11:04:31 webmail-1 dhclient: DHCPREQUEST on eth2.99 to 185.19.196.1 port 67
2017:03:27-11:04:32 webmail-1 dhclient: DHCPACK from 185.19.196.1
2017:03:27-11:04:32 webmail-1 dhclient: bound to 185.19.199.33 -- renewal in 146 seconds.
2017:03:27-11:04:36 webmail-2 dhclient: DHCPDISCOVER on eth2.99 to 255.255.255.255 port 67 interval 2
2017:03:27-11:04:38 webmail-2 dhclient: No DHCPOFFERS received.
2017:03:27-11:04:38 webmail-2 dhclient: No working leases in persistent database - sleeping.

I think the secondary still tries to get a dhcp release.

Marc Gorisek said:

I've logged into the slave with ssh. Not ha_utils ssh (where's the difference?)

...

I think the secondary still tries to get a dhcp release.

Hi Marc,

the difference ?

1. I am unable to ssh slave node unless i use  "ha_utils ssh". There are no usable external addresses at the slave. How do you do this?

2. Possible the internal processes at slave node try to get a DHCP lease. But they ever should failing. (because the MAC used for this action is used by primary node and slave can not communicate externally)

... can you check, every time a dhcp lease are requested by slave the WebAdmin webserver dies?.. This should not happen.

dirkkotte said:

1. I am unable to ssh slave node unless i use  "ha_utils ssh". There are no usable external addresses at the slave. How do you do this?

You can look at the arp table (ip n) and look for the ip address which is known on the HA-link. That interface is also up in slave mode. ;)

dirkkotte said:

2. Possible the internal processes at slave node try to get a DHCP lease. But they ever should failing. (because the MAC used for this action is used by primary node and slave can not communicate externally)

 

Yes, I see a request and no response on the slave node. and a working request on the master node.

dirkkotte said:

... can you check, every time a dhcp lease are requested by slave the WebAdmin webserver dies?.. This should not happen.

 

So is it a case for the support?

yes, i would call support.

OK, thanks. I will contact the support in the next days. Tomorrow I'll participate Sophos CE. Maybe the trainer has some ideas about this case ^^.

Thanks a lot for your help.

Have a nice evening, cheers.

Marc

Hi Marc,

2017:03:27-11:04:32 webmail-1 dhclient: bound to 185.19.199.33 -- renewal in 146 seconds. This lines states that the DHCP server has provided an IP address with a lease time of 146 seconds. Now that should not happen on the slave UTM's interface. Check if the UTM's DHCLIENT is initiating a unicast DHCPREQUEST message after every 146 seconds. Also, check in the system.log which MAC address does the DHCPRequest to the DHCP server. 

Do you have an ISP line leasing a DHCP IP Address to the UTM's interface? 

What is configured on eth2.99 and show us a screenshot of the interface page from the WebAdmin? 

Finally, if you have already reported it to support please PM me the case# to monitor it.

Thanks