On 01/06/2011 05:54 PM, Johan Fredin wrote:
On 2 jan 2011, at 10:42, Alessandro Baggi wrote:
Hi list and happy new year to all. Now, I've temporarily solved this problem
using ifstated, and master and backup work fine. For the pfsync NIC, in the past I
used a dedicated NIC for pfsync, but now, because xl0 is for WAN, rl0 for LAN and rl1
for DMZ, I must use rl0, having only 3 NICs. I've read in the OpenBSD FAQ that we can use
the same iface, but using IPsec.
Best regards
For now it's only testing, but in future
Hi Alessandro,
As you say, it shouldn't be an issue to use a "non-dedicated" NIC for the
pfsync/carp traffic. But your issue doesn't really have anything to do with pfsync, since
it seems to be purely a carp issue.
What do your PF rules look like for the carp traffic? I saw in an earlier
post that you pass everything out, but are you also letting the carp traffic in
on both nodes?
/Johan
Hi Johan, for this problem I've reduced my pf.conf to:
pass in all
pass out all
on fw1 and fw2, and the carp interfaces communicate between them, the same as with
the entire pf rule set. I've also tried to set the slave as master and
vice versa, but the problem persists. I've solved this problem with
ifstated, and using "macro relevation": when an iface goes down,
ifstated sets advskew to 254 (demoted) and my backup becomes the master.
Then, it seems that preempt is not set to 1 on master and
slave. Do you think the same?
thanks in advance