On 12/22/2010 01:18 AM, Stuart Henderson wrote:
On 2010-12-19, Alessandro Baggi<alessandro.ba...@gmail.com> wrote:
Hi list. I've a little question about pfsync. Supposing to have two
firewall, with 3 nic, one for lan, one for wan and one for DMZ, and
supposing a similar scenario:
firewall 1 firewall 2
WAN: re0 WAN: xl0
LAN: rl0 LAN: rl0
DMZ: rl1 DMZ: rl1
when pfsync send the interface state updates on backup firewall, pfsync
update the table of states for the name of interfaces of first firewall?
(in my scenario, the syncronization won't works for re0 and xl0, right?
Then, firewall 2 box must have nic card name equal to nic card name of
first firewall or they can to be different? if this is the issue, and
having those scenario, there is a method to make a valid update for re0
and xl0?
thanks in advance.
states don't normally depend on the interface (and if you *do* make
them dependent on that with if-bound states, i'm not sure if pfsync
handles that...)
are you having problems or is this theoretical? if you're having
problems then send a dmesg and full details. if it's theoretical,
why don't you just try it for yourself? this stuff is easy to
check and first-hand experience beats a post from some random
dude on a mailing list.
This problem is not theoretical.
