On 12/19/2010 07:49 PM, Johan Beisser wrote:
> On Sun, Dec 19, 2010 at 9:12 AM, Alessandro Baggi
> <alessandro.ba...@gmail.com> wrote:
>> Hi list. I have a little question about pfsync. Suppose I have two
>> firewalls, each with 3 NICs, one for LAN, one for WAN and one for DMZ,
>> and suppose a scenario like this:
>>
>> firewall 1          firewall 2
>>
>> WAN: re0            WAN: xl0
>> LAN: rl0            LAN: rl0
>> DMZ: rl1            DMZ: rl1
>>
>> When pfsync sends the interface state updates to the backup firewall, does
>> pfsync update the state table using the interface names of the first
>> firewall? (In my scenario, the synchronization won't work for re0 and xl0, right?)
> I don't see why not. Adjust your pf rules to use the groups field for
> the interface if you're worried.

Hi list, I've tried to use the groups field for pfsync. In my pf rules I replaced the WAN interface ext="xl0" with ext="egress". Then, when I try to cause a fault on firewall 1, firewall 2 becomes master, but all connections die. In the state table of firewall 2 there are "synchronized" states for xl0, but the "wan" interface is rl2. It's normal that all connections die: there are no valid states for rl2. So at this point the problem persists. Is there something that I've missed with the ifconfig groups field? Is this my misconfiguration, or is "the use of the groups field" not a valid issue for this problem?

Thanks in advance.
