Solved it, had to switch

pass in quick on $int_if all
pass out quick on $int_if all

to

pass in quick on $int_if all keep state
pass out quick on $int_if all keep state

On Fri, 21 Oct 2005 16:37:54 -0400, Monah Baki wrote
> Sorry all it's a Soekris net4801
>
> Thank you
>
> On Fri, 21 Oct 2005 13:47:05 -0400, Monah Baki wrote
> > Hi all,
> >
> > I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One
> > solaris 10 server is behind them. When I try to scp a 600MB file
> > from 1 solaris server outside the network to the solaris server
> > behind the net4801, I get "network error: connection reset by peer" error.
> > If I halt the master carp and the backup becomes master, no problem
> > all 600MB gets transferred. I then went ahead and deleted the file
> > and rebooted the master, the current Master switched to backup,
> > and I did the copy a "network error: connection reset by peer"
> > showed up.
> >
> > My pf.conf file on both machines are identical.
> >
> > Thank you.
> >
> > /etc/pf.conf
> > -----------------
> > ext_if="sis0"
> > int_if="sis1"
> > ext_net="104.83.19.0/24"
> > int_net="172.16.0.0/24"
> >
> > carp5="carp5"
> >
> > ross="172.16.0.3"
> > ross_int_webzone="172.16.0.4"
> >
> > tcp_services="{22, 80}"
> > dns_services="{53}"
> >
> > set timeout interval 10
> > set timeout frag 30
> > set block-policy return
> > set loginterface sis0
> > set skip on lo0
> >
> > # scrub in all
> >
> > nat on $ext_if from $int_net to any -> $ext_if static-port
> >
> > rdr on $ext_if proto tcp from any to $carp5 port 22 ->
> > $ross_int_webzone port 22
> >
> > # Deny all packets
> > block in on sis0 all
> >
> > pass in quick on $int_if all
> > pass out quick on $int_if all
> >
> > pass in quick on $ext_if inet proto tcp from any to any port $tcp_services
> > flags S/SA keep state
> > pass out quick on $ext_if inet proto tcp from any to any port $tcp_services
> > flags S/SA keep state
> >
> > pass in quick on $carp5 inet proto tcp from any to any port
> > $tcp_services keep state
> > pass out quick on $carp5 inet proto tcp
> > from any to any port $tcp_services keep state
> >
> > pass quick on lo0 all
> >
> > pass quick on { sis2 } proto pfsync
> > pass in quick on { sis0 sis1 } proto carp keep state
> >
> > # Filter rules for sis0 outbound
> > block out on sis0 all
> >
> > # pass in all
> > # pass out all
> >
> > My master carp has the following:
> > ---------------------------------
> > ifconfig carp5 create
> > ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244
> > netmask 255.255.255.0
> >
> > My backup carp has the following:
> > ---------------------------------
> > ifconfig carp5 create
> > ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244
> > netmask 255.255.255.0
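
An added example, not part of the original post or of pf itself: a small Python check that lists the pass rules in a pf.conf that carry no state keyword, run over a subset of the ruleset quoted above. It assumes a pf where a rule creates state only when it says so, as on the 3.7 systems in the post; the names logical_lines and stateless_pass_rules are hypothetical.

```python
import re

STATE = re.compile(r"\b(keep|modulate|synproxy)\s+state\b")

# Constructed sample: subset of the post's pf.conf, mail wraps rejoined with "\".
SAMPLE = r'''
int_if="sis1"
ext_if="sis0"
tcp_services="{22, 80}"
set skip on lo0
pass in quick on $int_if all
pass out quick on $int_if all
pass in quick on $ext_if inet proto tcp from any to any port $tcp_services \
    flags S/SA keep state
pass quick on lo0 all
pass in quick on { sis0 sis1 } proto carp keep state
'''

def logical_lines(text):
    """Yield (first_line_no, rule): comments dropped, "\\" continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = no if start is None else start
        buf += line.rstrip("\\") + " "
        if line.endswith("\\"):
            continue
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def stateless_pass_rules(text):
    """Return (line_no, rule) for pass rules that carry no state keyword."""
    macros, skipped, found = {}, set(), []
    for no, rule in logical_lines(text):
        if m := re.match(r'(\w+)\s*=\s*"(.*)"$', rule):
            macros[m[1]] = m[2]          # macro definition, not a rule
            continue
        rule = re.sub(r"\$(\w+)", lambda v: macros.get(v[1], v[0]), rule)
        if m := re.match(r"set skip on (.+)", rule):
            skipped.update(re.findall(r"\w+", m[1]))
        on = re.search(r"\bon\s+(\{[^}]*\}|\S+)", rule)
        ifaces = set(re.findall(r"\w+", on[1])) if on else set()
        if rule.startswith("pass ") and not STATE.search(rule) \
                and not (ifaces and ifaces <= skipped):  # skipped ifaces are moot
            found.append((no, rule))
    return found

if __name__ == "__main__":
    print(*stateless_pass_rules(SAMPLE), sep="\n")
```

Run against the sample it reports the two $int_if rules; with "keep state" appended to them, as in the fix at the top of the message, it reports nothing.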