It is probably more correct to say that Carp multicasts on all interfaces that have Carp addresses assigned.
Just to clarify, as there seems to be some confusion over pfsync and Carp. These are in fact not the same thing: Carp is the mechanism to automatically fail-over from one interface to another, whilst pfsync is used to keep the state tables of two firewalls in synch. They are normaly deployed together, but they are not related to each other. pfsync multicasts it's state table updates on a designated interface; Carp determines the status of the interfaces by sending and receiving multicasts on the interface that shares the Carp address. /Peter On Saturday 06 May 2006 06:45, sai wrote: > >Carp advertisements are sent on all interfaces. It's multicast. > >Make sure that from one node you can reach the other one on all > > interfaces. > > Whoa! Are you sure about this? I have just got a 2 node carp set up > working (well probably working!) and did not take this into account. I > have a dedicated carp interface and have only allowed traffic between > the 2 pfsense machines on this interface. > I see failover work, and I see rules added to the master being > propogated to the slave. > > I do not see any carp traffic on my other interfaces being blocked. > > sai > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
