Hi
This is my first post to openbsd-misc so forgive me if this has been
raised before. That said, I've just read through the 1200 messages in
the archives this month and can't find the same issue.
I am trying to configure a redundant firewall pair. So far almost
everything is fine and it behaves how you (I) would expect a CARP system
to work. However, when using SSH, I get the following bizarre behaviour
(see setup below):
* If I have an SFTP connection transferring data, and I pull the red
cable, the transfer freezes. During this time, carp0 on fw1 drops to
INIT and carp254 drops to BACKUP. fw2 claims MASTER status on both carp
interfaces. BUT, the SFTP transfer freezes. It will fail after short
period if I do nothing. However, if I then pull the blue cable, the
transfer resumes(!) Normally I can reconnect fw1 back in and it will
The other quirk appears with CARP advertisements happening frequently.
If I set fw1 to use (say) 0/50 and 0/60 for advbase/advskew then:
* If I have a PuTTY session open on alfie connected to miniwebserv1, and
I run a command that spits out random numbers (jot every 1/10th of a
second), and then pull the red cable, the connection doesn't die but the
text comes back erratically. It goes from flowing like water to
something more like lumpy custard.
I only found the second point because I thought the SFTP died because
the connection took too long to transfer - this is evidently not the case.
I just installed PostgreSQL on miniwebserv1 via a remote package, and
the file downloaded correctly despite me pulling a cable. So perhaps
this is an issue with the SFTP protocol? It is not a client issue, as
both CoreFTP and the SSH.com client behave the same way. It's almost
certainly not a PF issue because I've run PF without NAT and just "pass
in / pass out keep state" rules.
Can anyone offer any advice? [ I hope after writing all this somebody
doesn't point to a bug report from 6 months ago :) ]
Cheers for any help
Ashley
Here is how it is all configured:
alfie is my desktop Win2k machine
miniwebserv1 is my ultimate destination (SSH and Apache2 running on FreeBSD)
                 192.168.0.181 (alfie)
                           |
                    +--------------+
                    | 192.168.0.25 |
                    |  FBSD router |
                    |192.168.67.200|
                    +--------------+
                           |
                  192.168.67.3 (carp0)
             alias 192.168.67.33 (for NAT)
        alias 192.168.68.45 (for NAT - unused)
          red cable/               \
     +---------------+           +---------------+
     | 192.168.67.1  |dc0        | 192.168.67.2  |
     |   OBSD fw1    |-----------|   OBSD fw2    |
     | 192.168.167.1 |       fxp0| 192.168.167.2 |
     +---------------+           +---------------+
         blue cable\               /
                 192.168.167.3 (carp0)
                           |
             192.168.167.23 (miniwebserv1)
Config files:
fw1# cat /etc/hostname.rl0
inet 192.168.67.1 255.255.255.0 NONE
fw1# cat /etc/hostname.rl1
inet 192.168.167.1 255.255.255.0 NONE
fw1# cat /etc/hostname.dc0
inet 192.168.170.1 255.255.255.0 NONE
fw1# cat /etc/hostname.carp0
inet 192.168.67.3 255.255.255.0 192.168.67.255 carpdev rl0 vhid 1 pass mycarp
inet alias 192.168.67.33 255.255.255.0 192.168.67.255
inet alias 192.168.68.45 255.255.255.0 192.168.68.255
fw1# cat /etc/hostname.carp254
inet 192.168.167.3 255.255.255.0 192.168.167.255 carpdev rl1 vhid 254 pass mycarpstudio
fw1# cat /etc/hostname.pfsync0
up syncdev dc0 syncpeer 192.168.170.2
fw2# cat hostname.rl0
inet 192.168.67.2 255.255.255.0 NONE
fw2# cat hostname.rl1
inet 192.168.167.2 255.255.255.0 NONE
fw2# cat hostname.fxp0
inet 192.168.170.2 255.255.255.0 NONE
fw2# cat hostname.carp0
inet 192.168.67.3 255.255.255.0 192.168.67.255 carpdev rl0 vhid 1 advskew 10 pass mycarpstudio
inet alias 192.168.67.33 255.255.255.0 192.168.67.255
inet alias 192.168.68.45 255.255.255.0 192.168.68.255
fw2# cat hostname.carp254
inet 192.168.167.3 255.255.255.0 192.168.167.255 carpdev rl1 vhid 254 advskew 10 pass mycarpstudio
fw2# cat hostname.pfsync0
up syncdev fxp0 syncpeer 192.168.170.1
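An added example, not part of Ashley's post: a small sh script that compares the posted hostname.carp0 and hostname.carp254 lines of fw1 and fw2 per vhid and reports any field the two CARP members must share (virtual address, vhid, pass; CARP authenticates advertisements with the pass, so a node with a different pass rejects its peer's advertisements) or where advskew gives neither node a preference. The config lines are embedded as constructed copies of the ones quoted above, and the function names carp_field and carp_compare are mine.

```shell
#!/bin/sh
# Added example, not from the post: check that the two CARP members of each
# vhid agree on what they must share (virtual address, vhid, pass) and that
# their advskew values differ so one node is the intended master.

# Constructed copies of the hostname.carp* lines quoted in the post above.
FW1_CARP0='inet 192.168.67.3 255.255.255.0 192.168.67.255 carpdev rl0 vhid 1 pass mycarp'
FW1_CARP254='inet 192.168.167.3 255.255.255.0 192.168.167.255 carpdev rl1 vhid 254 pass mycarpstudio'
FW2_CARP0='inet 192.168.67.3 255.255.255.0 192.168.67.255 carpdev rl0 vhid 1 advskew 10 pass mycarpstudio'
FW2_CARP254='inet 192.168.167.3 255.255.255.0 192.168.167.255 carpdev rl1 vhid 254 advskew 10 pass mycarpstudio'

# carp_field LINE KEY: print the word following KEY in LINE (nothing if absent).
carp_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit }
    }'
}

# carp_compare LINE_A LINE_B: print one line per problem, nothing if all is well.
carp_compare() {
    a="$1"; b="$2"
    vhid=$(carp_field "$a" vhid)
    # Both members must advertise the same virtual address (2nd word of the line).
    ipa=$(printf '%s\n' "$a" | awk '{print $2}')
    ipb=$(printf '%s\n' "$b" | awk '{print $2}')
    [ "$ipa" = "$ipb" ] || printf 'vhid %s: address differs (%s != %s)\n' "$vhid" "$ipa" "$ipb"
    # vhid and pass must match: advertisements are authenticated with the pass,
    # so a node with a different pass rejects its peer's advertisements.
    for key in vhid pass; do
        va=$(carp_field "$a" "$key"); vb=$(carp_field "$b" "$key")
        [ "$va" = "$vb" ] || printf 'vhid %s: %s differs (%s != %s)\n' \
            "$vhid" "$key" "${va:-unset}" "${vb:-unset}"
    done
    # advskew (default 0) should differ, otherwise neither node is preferred.
    sa=$(carp_field "$a" advskew); sb=$(carp_field "$b" advskew)
    [ "${sa:-0}" != "${sb:-0}" ] || printf 'vhid %s: advskew equal (%s), no preferred master\n' \
        "$vhid" "${sa:-0}"
}

# Compare fw1 against fw2 for both posted vhids.
carp_compare "$FW1_CARP0" "$FW2_CARP0"
carp_compare "$FW1_CARP254" "$FW2_CARP254"
```

On the posted lines only vhid 1 is reported, for the pass field; run it on both nodes' real files after any change to keep the pair in step.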