Fred,

Did you also enable net.inet.carp.preempt?

net.inet.carp.preempt equaling one (1) allows hosts within a redundancy group that have a better advbase and advskew to preempt the master. In addition, this option also enables failing over all interfaces in the event that one interface goes down. If one physical CARP-enabled interface goes down, CARP will change advskew to 240 on all other CARP-enabled interfaces, in essence, failing itself over.

CARP Firewall Failover for OpenBSD
http://calomel.org/pf_carp.html

--
Calomel @ http://calomel.org
Open Source Research and Reference

On Wed, Apr 02, 2008 at 12:06:34PM -0500, Fred Newtz wrote:
>I have two machines configured with OpenBSD carp pf and pfsync. The state
>table is syncing properly. I have one webserver behind the two firewall
>machines. For some reason my master machine (which is working) will freeze
>up. The interfaces all failover properly but no traffic will pass through
>the backup machine. I am pretty new at this so please tell me if I can
>provide any configuration information to help determine what is going on
>here. I can pass traffic between the fw2 (backup firewall) and my webserver
>just fine.
>
>I have 6 carp interfaces set up. One of them is my gateway interface for the
>webserver to get back out of the network. During testing I am only ifconfig
>carp2 down for one of my interfaces. Do I need to fail the gateway carp
>interface as well for this to work properly?
>
>Thanks,
>
>Fred
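
Added example, not part of the original e-mail thread: a small shell check that reads `ifconfig` output and reports whether all CARP interfaces on a host share one state, since a host that is MASTER on some interfaces and BACKUP on others has only partially failed over. The function names, interface names and addresses are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `ifconfig` output as seen on the backup firewall after
# only one CARP interface was failed over (names and addresses are made up).
SAMPLE_FW2='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 100
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em2 vhid 3 advbase 1 advskew 100'

# Print "<interface> <state>" for every interface that has a "carp:" line.
carp_states() {
    awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "carp:"    { print ifname, $2 }
    '
}

# Read ifconfig output on stdin and print one verdict line.
# Exit status: 0 = every CARP interface is in the same state,
#              1 = mixed states (partial failover), 2 = no CARP interfaces.
carp_verdict() {
    carp_states | awk '
        {
            if (!($2 in seen)) kinds++
            seen[$2] = 1
            detail = detail " " $1 "=" $2
        }
        END {
            if (NR == 0)    { print "no-carp"; exit 2 }
            if (kinds == 1) { print "consistent:" detail; exit 0 }
            print "split:" detail
            exit 1
        }'
}

# Demonstration on the constructed sample; on a live firewall the equivalent
# is `ifconfig | carp_verdict`.
printf '%s\n' "$SAMPLE_FW2" | carp_verdict || true
```

Running the same check on both firewalls during a failover test shows at a glance whether the gateway interface moved together with the interface that was taken down.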
