hi all,
i am using 2 firewalls via carp.
in my design all the external addresses are physically defined on the
firewall and are destination natted by the firewall.
so i have 2 carp interfaces
carp0 - ext
carp1 - int
and on a separate interface i do pfsync.
i looked at converting pf rules to
On 2006/11/28 14:34, Jakob Praher wrote:
is there a way to force both carp interfaces to have the same state,
e.g. if carp0 is master so has to be carp1 master ?
yes, set net.inet.carp.preempt=1 in /etc/sysctl.conf, there's a little
discussion about this in carp(4).
Stuart Henderson wrote:
On 2006/11/28 14:34, Jakob Praher wrote:
is there a way to force both carp interfaces to have the same state,
e.g. if carp0 is master so has to be carp1 master ?
yes, set net.inet.carp.preempt=1 in /etc/sysctl.conf, there's a little
discussion about this in carp(4).
Hi all,
in my production pf.conf (113 rules) I have
    set timeout { tcp.finwait 1}
But
    pfctl -s timeouts
shows
    tcp.finwait 45s
(the default). In a simple pf.conf this works as expected.
What might be the reason for this?
Are there any options resetting
On Wed, Nov 29, 2006 at 12:05:10AM +0100, Axel Rau wrote:
Hi all,
in my production pf.conf (113 rules) I have
    set timeout { tcp.finwait 1}
But
    pfctl -s timeouts
shows
    tcp.finwait 45s
(the default). In a simple pf.conf this works as expected.
What
On Wed, Nov 08, 2006 at 12:22:19AM +0100, Michiel van Baak wrote:
On 22:12, Tue 07 Nov 06, Cédric Berger wrote:
There is no way it can work on a 32-bit i386 system.
This kind of pointer limitation is the first reason why
ppl move to 64-bit systems, so that might be worth testing
on a