Heyo
I have a failover firewall setup with 2 boxes using CARP. Everything works OK, but I have a question about ftp-proxy...
Box #1 has external ip: 100.100.100.2 and internal ip: 10.0.0.2
Box #2 has external ip: 100.100.100.3 and internal ip: 10.0.0.3
They both share external CARP address 100.100.100.1 and internal CARP: 10.0.0.1
All requests that come from the internal network go out on the CARP address, so from outside you see that all requests are coming from 100.100.100.1:
nat on $ext_if from $internal_net to any -> $external_carp
All active ftp requests that use ftp-proxy are taken care of by this:
1) rdr on $carp_int proto tcp from any to any port 21 -> 127.0.0.1 port 8021
2) pass in on $ext_if inet proto tcp from any to $carp_ext user proxy keep state
But when I do that, the ftp requests are coming from Box #1's external interface (100.100.100.2) and not the CARP address (100.100.100.1), and when the second box takes over they're coming from 100.100.100.3.
Is there any way I can force all the outgoing active ftp requests to come from the CARP address (100.100.100.1) instead? If so, what changes do I need to make in the pf/carp/ftp-proxy setup?
Thanks in advance :)
P.S. Assignments are:
internal_net="10.0.0.0/24"
external_addr="100.100.100.2"
external_carp="100.100.100.1"
carp_int="carp0" (10.0.0.1)
carp_ext="carp1" (100.100.100.1)
