Hi all, after some disastrous tests with OBSD 4.5, I tried to upgrade to -current via cvs, then to download the latest snapshot of the 4.6 release from the ftp.
My goal is to obtain a couple of firewalls in active/active mode with load balancing enabled, but as of now I'm unable to make it work. As I already verified in 4.5 (see my thread http://marc.info/?l=openbsd-misc&m=124473589921871&w=2), my configuration works only as failover. Here is my new configuration:

---------------------------------------
### Host A: ###

/etc/hostname.em0
inet 192.168.10.2 255.255.255.0 NONE

/etc/hostname.em1
inet 10.20.30.2 255.255.255.0 NONE

/etc/hostname.carp0
inet 192.168.10.1 255.255.255.0 192.168.10.255 carpnodes 10:0,20:100 balancing ip

/etc/hostname.carp1
inet 10.20.30.1 255.255.255.0 10.20.30.255 carpnodes 30:0,40:100 balancing ip

/etc/hostname.bge1
inet 172.16.188.1 255.255.255.0 NONE

/etc/hostname.pfsync0
up defer syncdev bge1

### Host B: ###

/etc/hostname.em0
inet 192.168.10.3 255.255.255.0 NONE

/etc/hostname.em1
inet 10.20.30.3 255.255.255.0 NONE

/etc/hostname.carp0
inet 192.168.10.1 255.255.255.0 192.168.10.255 carpnodes 10:100,20:0 balancing ip

/etc/hostname.carp1
inet 10.20.30.1 255.255.255.0 10.20.30.255 carpnodes 30:100,40:0 balancing ip

/etc/hostname.bge1
inet 172.16.188.2 255.255.255.0 NONE

/etc/hostname.pfsync0
up defer syncdev bge1

On both machines:

OpenBSD hostX.domain.tld 4.6 GENERIC#50 i386

net.inet.ip.forwarding=1
net.inet.carp.allow=1
net.inet.carp.preempt=1
---------------------------------------

Carp works, pfsync works, but when I send packets to the carp address, every time the same machine replies (so there is no load balancing). I tried to overload the carp interface, generating a lot of traffic from several machines, but nothing happens: replies always came from the same machine. I also tried the ip-stealth mode, but with the same results.

I tried to put two web servers behind the firewall (ip 10.20.30.4 and 10.20.30.5), running pf with these rules:

HOST A:
rdr pass on em0 proto tcp from any to (carp0) port 80 -> 10.20.30.4

HOST B:
rdr pass on em0 proto tcp from any to (carp0) port 80 -> 10.20.30.5

but replies always came from the same webserver, that is, load balancing is not working. So, I'm asking myself again if I'm missing something or where the mistake in my configuration is. Any help will be appreciated.

