On 07/04/15(Tue) 15:42, David Newman wrote:
On 3/30/15 12:54 PM, Martin Pieuchot wrote:
[...]
Not OK for the carp interfaces. On the production machines I'm
replicating here as VMs, it looks like the carp interfaces are bound to
themselves -- note that the last column is carp21:
#
On 4/8/15 2:42 AM, Martin Pieuchot wrote:
On 07/04/15(Tue) 15:42, David Newman wrote:
On 3/30/15 12:54 PM, Martin Pieuchot wrote:
[...]
Not OK for the carp interfaces. On the production machines I'm
replicating here as VMs, it looks like the carp interfaces are bound to
themselves -- note
On 3/30/15 12:54 PM, Martin Pieuchot wrote:
On 30/03/15(Mon) 11:58, David Newman wrote:
On 3/29/15 12:38 PM, mxb wrote:
Probably your PF rules.
put in ‘pass quick proto icmp’.
No joy. This did not improve on the existing ICMP rule in pf.conf.
I think the root problem is that on both
On 30/03/15(Mon) 11:58, David Newman wrote:
On 3/29/15 12:38 PM, mxb wrote:
Probably your PF rules.
put in ‘pass quick proto icmp’.
No joy. This did not improve on the existing ICMP rule in pf.conf.
I think the root problem is that on both firewalls the physical and CARP
interface
On 3/29/15 12:38 PM, mxb wrote:
Probably your PF rules.
put in ‘pass quick proto icmp’.
No joy. This did not improve on the existing ICMP rule in pf.conf.
I think the root problem is that on both firewalls the physical and CARP
interface addresses are bound to lo0 instead of vic1. Here both
Probably your PF rules.
put in ‘pass quick proto icmp’.
On 28 mar 2015, at 00:59, David Newman dnew...@networktest.com wrote:
Greetings. In preparation for upgrading two CARP+pfsync boxes to
5.6/i386, I put together a lab network to test new firewall rules.
Topology is pretty simple:
Greetings. In preparation for upgrading two CARP+pfsync boxes to
5.6/i386, I put together a lab network to test new firewall rules.
Topology is pretty simple:
outside box (vic0) - (vic1) two carp boxes (vic0) - inside box
with a third interface on each firewall for pfsync traffic. I'm focused
7 matches
Mail list logo
