RE: redirecting to different networks

2006-03-21 Thread Steven S
Gustavo A. Baratto wrote: .. FW2 is ready, and the IP for DNS2 is already assigned... So, while DNS2 server is not ready, is it possible to setup FW2, so DNS queries from the external world can be redirected to DNS1? It would be basically an rdr reflection on the external interface,
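
The rdr reflection asked about above, as an added example that is not from the thread: a pf.conf fragment for FW2, in the nat/rdr syntax of the 2006-era PF, that hands queries arriving for DNS2's address to DNS1 back out the same external interface. The interface name and both addresses are assumed placeholders, and DNS1 is assumed to be reached via FW2's external side.

```conf
# pf.conf fragment for FW2 (added example; names and addresses are assumptions)
ext_if  = "fxp0"          # FW2's external interface
dns1_ip = "192.0.2.10"    # DNS1, reachable through the external side
dns2_ip = "192.0.2.11"    # DNS2's address, already assigned, server not yet up

# Redirect anything arriving on the external interface for DNS2 to DNS1.
rdr on $ext_if proto { tcp, udp } from any to $dns2_ip port domain \
    -> $dns1_ip port domain

# The redirected packet leaves through the interface it came in on, so DNS1
# would otherwise answer the client directly from an address the client never
# queried (UDP clients drop that). Rewriting the source to FW2's own address
# forces the reply back through FW2, where the rdr state un-translates it.
nat on $ext_if proto { tcp, udp } from any to $dns1_ip port domain \
    -> ($ext_if)

# Translation runs before filtering, so the filter rules see the translated
# addresses. keep state is needed for the UDP replies to come back in.
pass in  on $ext_if proto { tcp, udp } from any to $dns1_ip port domain keep state
pass out on $ext_if proto { tcp, udp } from ($ext_if) to $dns1_ip port domain keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and confirm with `pfctl -ss` that a query to the DNS2 address produces two states on the external interface: the rdr state (client to DNS2 address) and the nat state (FW2's address to DNS1). Once DNS2 is up, the rdr and nat lines are simply deleted.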

RE: PF load balancing

2006-02-13 Thread Steven S
[EMAIL PROTECTED] wrote: Hi all: We've a firewall with 4 interfaces (2 outside to two different routers and ISPs, 1 inside and 1 DMZ), the machine is running a Squid web proxy too, we wanna make balancing on outgoing connections only for the web traffic, we have get to do that, and now the
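
The outgoing load balancing being asked about, as an added example that is not from the thread: the route-to/round-robin pattern of the PF FAQ of that era, in pre-4.7 syntax, narrowed so that only TCP port 80 from the LAN is balanced across the two ISP links. Interface names, gateways and the LAN prefix are assumptions. These rules balance web connections the firewall forwards for LAN clients; connections that a Squid running on the firewall itself opens never pass in on $int_if and are not balanced by them.

```conf
# pf.conf fragment (added example; names, gateways and prefixes are assumptions)
int_if  = "fxp2"
lan_net = "10.0.0.0/24"
ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "192.0.2.1"
ext_gw2 = "198.51.100.1"

# NAT on whichever external interface a connection leaves by, so the source
# address always belongs to the link the packet is actually on.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

block in
block out

pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if

# Generic LAN traffic follows the default route. These come first because the
# last matching rule wins in PF; the web rule below must be the later match.
pass in on $int_if proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if proto { udp, icmp } from $lan_net to any keep state

# Only web traffic is balanced: alternate new port 80 connections between the
# two gateways. sticky-address keeps one client on one link, since some sites
# break when a session hops between two source addresses.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin sticky-address \
    proto tcp from $lan_net to any port www flags S/SA modulate state

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# If the kernel's routing table sends a packet carrying ISP2's address out
# ISP1's interface (or the reverse), push it back through the right gateway.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
```

A quick check after loading: open several port 80 connections from a LAN host and watch `pfctl -ss`; alternate connections from different clients should show up NATed to $ext_if1 and $ext_if2 in turn, while a port 443 connection from the same host always leaves by the default route.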

RE: CARP and preempt buggy with wrong switches? Or carp bug?

2006-02-02 Thread Steven S
Right. When preempt is set any carp interface which has a real interface down causes all carps to use 240 for the skew. At this point I think it is simply a race to see which interface takes MASTER. That is why I used preempt on only one FW. This ensures that, in a situation like the one

RE: CARP and preempt buggy with wrong switches? Or carp bug?

2006-02-02 Thread Steven S
As I understand it, preempt is all or nothing. So if I have FW's configured like,

          ISP switch
           /      \
          |        |
        FW1-- DMZ --FW2   [That's one DMZ switch]
          |  switch |
           \      /
          LAN switch

If I wish FW1 to be primary and FW2 to be secondary I set advskew on FW1 to be

RE: CARP and preempt buggy with wrong switches? Or carp bug?

2006-02-01 Thread Steven S
I had a similar issue. I ended up using net.inet.carp.preempt=1 on the primary firewall and net.inet.carp.preempt=0 on the secondary. If the primary has an issue, the secondary becomes the master on all interfaces. I must confess I haven't fully tested the configuration. -Steve S. [EMAIL
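
The arrangement described across the three CARP posts above (preempt on the primary only, every carp interface on the primary advertising with a lower advskew than its twin on the secondary), as an added example that is not from the thread, laid out for the ISP/DMZ/LAN topology sketched in the thread. Interface names, vhids, addresses and the shared passwords are assumptions; each physical interface still needs its own address in hostname.fxpN as usual.

```conf
# Added example; interface names, vhids, addresses and passwords are assumptions.

# /etc/sysctl.conf on FW1 (primary). With preempt on, FW1 takes MASTER back as
# soon as it advertises a better (lower) skew, and, as the thread describes, a
# downed physical interface makes all of FW1's carp interfaces advertise skew
# 240, so FW2 wins every vhid at once rather than one segment at a time.
net.inet.carp.preempt=1

# /etc/sysctl.conf on FW2 (secondary). Never preempt: FW2 only becomes MASTER
# when FW1's advertisements stop, and hands back when they resume.
net.inet.carp.preempt=0

# FW1: one carp interface per segment, all with advskew 0.
# /etc/hostname.carp0   (ISP side, on fxp0)
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 advskew 0 pass ispsecret carpdev fxp0
# /etc/hostname.carp1   (DMZ, on fxp1)
inet 10.1.0.1 255.255.255.0 10.1.0.255 vhid 2 advskew 0 pass dmzsecret carpdev fxp1
# /etc/hostname.carp2   (LAN, on fxp2)
inet 10.2.0.1 255.255.255.0 10.2.0.255 vhid 3 advskew 0 pass lansecret carpdev fxp2

# FW2: the same vhids, addresses and passwords, but a higher advskew on every
# interface so FW1 wins any election in which both are healthy.
# /etc/hostname.carp0
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 advskew 100 pass ispsecret carpdev fxp0
# /etc/hostname.carp1
inet 10.1.0.1 255.255.255.0 10.1.0.255 vhid 2 advskew 100 pass dmzsecret carpdev fxp1
# /etc/hostname.carp2
inet 10.2.0.1 255.255.255.0 10.2.0.255 vhid 3 advskew 100 pass lansecret carpdev fxp2
```

`ifconfig carp0` shows the current state (MASTER or BACKUP) and the advskew in use on each box; pulling the ISP cable on FW1 should flip all three of FW2's carp interfaces to MASTER together, and plugging it back should return all three to FW1 because FW1 is the only side allowed to preempt.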

Carp address !as source IP

2004-09-16 Thread Steven S.
Greetings, I'm experiencing an interesting problem and I'm googled out. Trying to get mail from a firewall which is the carp master to an internally hosted e-mail server. The mail server is using a private IP address and the firewall is using a binat rule to translate a public carp IP to the

RE: Carp address !as source IP

2004-09-16 Thread Steven S.
Jason Opperisano wrote: On Thu, 2004-09-16 at 08:58, Steven S. wrote: the above seems to be the result of a blocked packet with set block-policy return or a block return ... rule ...SYN goes out but SYN-ACK coming back in gets a RST... I have no such policies. It is my understanding