On Mon, Oct 17, 2005 at 11:25:30AM -0400, stan wrote:
> On Mon, Oct 17, 2005 at 05:16:20PM +0200, Claudio Jeker wrote:
> > On Mon, Oct 17, 2005 at 10:35:07AM -0400, stan wrote:
> > > On Mon, Oct 17, 2005 at 04:12:48PM +0159, Claudio Jeker wrote:
> > > > On Mon, Oct 17, 2005 at 09:39:01AM -0400, stan wrote:
> > > > > I'm trying to do something that should be simple with ospfd from a
> > > > > snapshot
> > > > > from last week.
> > > > >
> > > > > I have a pair of carp's firewall/gatway boxes (3.7 machines) and they
> > > > > connect a single subnet to the corporate network. Corporate wans to
> > > > > move
> > > > > from rip to ospf. I'v set up the following ospfd.conf file:
> > > > >
> > > > >
> > > > > # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $
> > > > >
> > > > > # macros
> > > > > # password="secret"
> > > > >
> > > > > # global configuration
> > > > > router-id 170.85.113.111
> > > > > # fib-update no
> > > > > # spf-delay 1
> > > > > # spf-holdtime 5
> > > > >
> > > > > # auth-key $password
> > > > > # auth-type none
> > > > > # hello-interval 10
> > > > > # metric 10
> > > > > # retransmit-interval 5
> > > > > # router-dead-time 40
> > > > > # router-priority 1
> > > > > # transmit-delay 1
> > > > >
> > > > > # areas
> > > > > area 0.0.0.120 {
> > > > > interface fxp0 {
> > > > > auth-type none
> > > > > }
> > > > > }
> > > > >
> > > > >
> > > > > fxp0 is the "external" interface. The CARP interface is fxp1, and the
> > > > > "internal" interface is fxp2. Presently I have pf off.
> > > > >
> > > > > When I start ospfd I get the routes advertised by corporate, but they
> > > > > don't
> > > > > see my route.
> > > > >
> > > > > What am I doing wrong?
> > > > >
> > > >
> > > > You're not advertising any routes with this setup. "redistribute static"
> > > > is probably what you are looking for.
> > > > Another option would be to use passive interfaces like
> > > >
> > > > area 0.0.0.120 {
> > > > interface fxp0 {
> > > > auth-type none
> > > > }
> > > > interface fxp2 {
> > > > passive
> > > > }
> > > > interface carp0 {
> > > > passive
> > > > }
> > > > }
> > >
> > > Could you explain what passive means in this context, please?
> > >
> >
> > It's in the man page:
> > passive
> > Prevent transmission and reception of OSPF packets on this
> > inter-
> > face.
> >
> > The interface is still considered part of OSPF and therefor a stub network
> > LSA is redistributed but no OSPF traffic is done on that interface. This
> > is nice to add some directly connected interfaces or loopbacks instead of
> > using redistribute connected.
>
> Thanks.
>
> So, in my case by not listing the pfsync interface (which is fxp1) in the
> ospfd.conf file at all. Neither will it be advertised, nor will traffic be
> sent over it, right?
>
Yes.
--
:wq Claudio
