Is there a reason that I don't understand why TCP SYN Proxy wouldn't
work on a CARP interface?
If I run a web server on a physical interface with

    pass in on $ext_if proto tcp from any to $web_server port www \
        flags S/SA synproxy state

it will work as explained in the FAQ, but if I try to do the same where I run
the web server on a CARP interface it wouldn't accept it. Something like:

    pass in on $ext_if proto tcp from any to carp1 port www \
        flags S/SA synproxy state

will not work but this would:

    pass in on $ext_if proto tcp from any to carp1 port www

Maybe I am trying to do something that makes no sense, but I thought it
should work, so that I could in the end use additional filtering and
limits with

    pass in on $ext_if proto tcp from any to carp1 port www \
        flags S/SA synproxy state \
        (max 200, source-track rule, max-src-nodes 100, max-src-states 3)