Hello,
I just got an OpenBSD firewall to manage and I’m totally new to OpenBSD. I have
20 years of Linux experience.
Here is my problem: the firewall is a pair of two hosts with carp + pfsync.
The OpenBSD version is 5.8 and I have no way to upgrade for now.
I’m trying to add an IP on a VLAN that should be shared between the two hosts.
Here is my config:
host A
hostname.vlan322
192.168.200.63 255.255.255.0 NONE vlan 322 vlandev em1
hostname.carp322
inet 192.168.200.62 255.255.255.0 NONE carpnodes 77:0,78:100 balancing ip-stealth pass PASS carpdev vlan322
ifconfig carp322
carp322: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:4d
description: CARP IPB INTERCO
priority: 15
carp: carpdev vlan322 advbase 1 balancing ip-stealth
state MASTER vhid 77 advskew 0
state BACKUP vhid 78 advskew 100
groups: carp
status: master
inet 192.168.200.62 netmask 0xffffff00 broadcast 192.168.200.255
host B
hostname.vlan322
192.168.200.64 255.255.255.0 NONE vlan 322 vlandev em1
hostname.carp.322
inet 192.168.200.62 255.255.255.0 NONE carpnodes 77:100,78:0 balancing ip-stealth pass PASS carpdev vlan322
ifconfig carp322
carp322: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:4d
description: CARP IPB INTERCO
priority: 15
carp: carpdev vlan322 advbase 1 balancing ip-stealth
state BACKUP vhid 77 advskew 100
state MASTER vhid 78 advskew 0
groups: carp
status: backup
inet 192.168.200.62 netmask 0xffffff00 broadcast 192.168.200.255
My problem:
- if I ping a host on the same network from one of the hosts, the packets are
sent with the carp MAC address. From what I read in the documentation, the
balancing ip-stealth should use the MAC address of the carpdev interfaces…
I have spent all my day reading the docs on the Internet, and I have found nothing
to help.
Have I misunderstood something in the documentation?
Is my configuration wrong?
Thanks in advance...
—
Frédéric Goudal, Ingénieur Système
Bordeaux-INP
[email protected]
+33 5 56 84 23 11