Hi,

I have a cluster of two pf firewalls running 4.8-current (GENERIC.MP) #382, using rdr-to to load-balance traffic to some web servers. I have to keep a trace of packets and bytes each server gets. I tried to enable counters on the table I use for my redirect rule, but this does not work. Is this normal? Is there another way to achieve this?

Relevant part of pf.conf:

    table <servers> counters { ipA ipB ipC }
    pass in quick proto tcp to $web_carp port 80 rdr-to <servers> port 80

    # pfctl -vvsT
    --a-r-C servers
        Addresses:   10
        Cleared:     Mon Sep 13 17:30:41 2010
        References:  [ Anchors: 0 Rules: 1 ]
        Evaluations: [ NoMatch: 0 Match: 12538461 ]
        In/Block:    [ Packets: 0 Bytes: 0 ]
        In/Pass:     [ Packets: 0 Bytes: 0 ]
        In/XPass:    [ Packets: 0 Bytes: 0 ]
        Out/Block:   [ Packets: 0 Bytes: 0 ]
        Out/Pass:    [ Packets: 0 Bytes: 0 ]
        Out/XPass:   [ Packets: 0 Bytes: 0 ]

Counters work fine on out rules, though.

Unrelated, but while I am on it, does someone have a working master/master setup? When I change my hostname.carp* files to set carpnodes instead of vhid/advskew, only one firewall seems to work; 50% of the traffic goes to /dev/null. Everything works fine with only one firewall up, or with both firewalls in master/slave mode.

    fwA: vhid 1 -> carpnodes 1:0,2:100
    fwB: vhid 2 advskew 100 -> carpnodes 1:100,2:0

Tried all balancing ip modes to no avail.