-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 15 Dec 2004 07:33:51 -0500 Jason Dixon <[EMAIL PROTECTED]> wrote:

> > Sorry for this lengthy reply, I hope you all can forgive me for
> > this, but as I am but a beginner with PF/CARP I hope we can avoid
> > hostility.
> >
> > I have two boxes, with similar configs, on IP addresses 10.10.1.131
> > and 10.10.1.134, both /16.
> [snip]
>
> What is working and what isn't? What is the output of "ifconfig -a"
> on each box?

Basically I do not know what I had done wrong in my PF. I ventured a
different approach, so I added a third interface to each box, giving me
a crossover for pfsync to run on, so I then had lo0, xl0, fxp0, and
sis0/dc0 interfaces, so to save getting things wrong, I used the
following rule for all interfaces:

    pass in quick on interface all keep state
    pass out quick on interface all keep state

Woah and behold, things began to look promising as I was able to ping
various devices. After one day of head scratching and things not routing
well I noticed some odd ARP packets, a few hours later I realised that I
had connected the crossover cable between the wrong interfaces, then
wow! Things actually started to work, all except of course the mirroring
of the state table. Pfsync was not running:

    ifconfig pfsync0 up

Things are nearly fully functional for me now, however, I don't seem to
have perfect throughput when a box is shot in the head, sometimes things
work OK for the client, and sometimes they don't and connections either
lag to the point of timeout, or just drop and can't get re-established.

Sorry if I sound like a "Loinux whiny", I'm almost there, just need a few
more pointers.

1) If I reduce advskew to something like 10 on machine A and 12 on
   machine B, would that increase the stability of the firewalls?

2) Why does it seem that, when the master returns from me issuing a
   reboot, the connection for the client appears to get shaky again?

- -- 
 /-- _| | Regards. Please note, my PGP key ID has changed.
|-- / | | If you are planning on sending me something encrypted
\__ \_| | please update your keyring. Debian/OpenBSD. 53C9FC6C.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBwghdjtZArFPJ/GwRAu2LAJ9JhfN5KyDkitwcG4LYRFyNMsTTwQCbBE7I
fNYABQeZXtQJyfnZiGVNXTg=
=rJfZ
-----END PGP SIGNATURE-----
