Ok guys. I will do it tonight once I reach home. I will also send my pf.conf
file.
Also, does it matter since I have different interfaces on FW1 and FW2?
FW1: xl0, fxp0 and fxp1
FW2: rl0, fxp0 and ne3
Thanks guys! ;)
Neil
Matt Rowley writes:
I got pf and carp working together. However, I have noticed that
TCP-oriented applications don't recover well when I disconnect a
cable. I set up a netcat listener on a machine inside the network.
Then I ran netcat from another machine outside the network. I was
able to connect and was able to send some characters. However, when I
disconnected the primary firewall's external interface, netcat wouldn't
work anymore until I executed netcat again to connect to the shared
external IP address. Am I missing any configuration? Looks like it's
related to pf state tables not being sent to the backup firewall.
Show your entire pf.conf.
Let's see some troubleshooting commands. Run ifconfig before and after
pulling the cable, etc.
pfctl -s state on the carp slave would also be helpful, to see if pfsync
is getting through.