Hi all.
I've configured an old Pentium III with OpenBSD 3.7 like this:
x.y.z.240/29 ------rl1|gateway|rl0 ------x.y.z.248/29
                          |
                         rl2

/etc/hostname.rl0
up

/etc/hostname.rl1
up

/etc/hostname.rl2
inet 192.168.1.1 255.255.255.0 NONE

/etc/hostname.carp0
inet x.y.z.250 255.255.255.248 x.y.z.255 vhid 1 pass test1 carpdev rl0

/etc/hostname.carp1
inet x.y.z.241 255.255.255.248 x.y.z.247 vhid 2 pass test2 carpdev rl1

/etc/hostname.pfsync0
up syncif rl2 syncpeer 192.168.1.2

net.inet.ip.forwarding=1
net.inet.carp.preempt=1
pf=YES

If pf.conf contains the following:
pass quick on {rl0 rl1} proto carp keep state
pass quick on rl2 proto pfsync
I can ping both sides from the opposite.
However, if pf.conf contains the following:
# macros
int_ext = "rl0"
int_int = "rl1"
int_pf = "rl2"
carp_ext = "carp0"
carp_int = "carp1"
block all
pass quick on lo0 all
pass in quick on $int_ext proto icmp from x.y.z.251 to x.y.z.240/29 keep state
# carp and pfsync
pass quick on {rl0 rl1} proto carp keep state
pass quick on rl2 proto pfsync
When I try to ping x.y.z.242 from the other subnet, all I can get is
ICMP Destination host unreachable from x.y.z.250.
Can someone help with this?
Thanks