Hi, I'm trying to replicate http://eugen.leitl.org/carp-cluster-new.htm (my local mirror of the official tutorial) on a slightly different setup. I'm using pfSense 1.0.1 embedded, which is slightly different from the version described in the tutorial.
I would like to install the firewall on Monday, and would like to donate $50 to the pfSense project or offer it as a bounty to the individual offering me information leading to success.

What I have is a pair of mini-ITX systems which only have two NICs each. I've tried to configure a SYNC over WAN (would it be better to use the LAN side?) similar to the one in the tutorial; unfortunately the behaviour deviates from that described in the tutorial because the backup (right-pfsense.local) never picks up the changes in Status->CARP (failover). My status is shown as empty. Alert status is:

[sync settings] A communications error occured while attempting XMLRPC sync with https://192.168.1.6:443

(I'm testing this on the local LAN because it is really hard to do it in production for lack of a decent display on site, little time and high noise level -- can I safely tinker with this remotely without having to touch network cables, or do I risk making one or the other firewall machine unreachable, requiring a crossover serial cable for reconfiguration and a visit on-site?)

My second question is that I don't have a WAN/LAN setup, but would actually like to have a filtering bridge or router-like (I already know filtering bridge doesn't work with the cluster) setup. Unfortunately I'm still pretty much an idiot with networking, so I don't really know what I'm doing.

I've got a public /24 network (85.10.225.0/24) with 85.10.225.1 as a gateway, and would like to filter traffic to other machines, physical and virtual, based on IP. I would like to use 85.10.225.5 and 85.10.225.6 as IPs on the WAN side of the pfSense machines (I've got "Static IP configuration" set as 85.10.225.5/24 and Gateway 85.10.225.1 on left-pfSense.local, and 85.10.225.6/24 and Gateway 85.10.225.1 on right-pfSense.local). The gateway cable goes to the switch port #1, 85.10.225.5 is port #5 and 85.10.225.6 is port #6. Am I correct in the assumption that I need to define a switch VLAN for port 1, 5, 6?

For the machines on the LAN side, I will have to define a VLAN including the ports of all other machines to be filtered, is this correct? What IP address do I need to set up on the "LAN" side, 85.10.225.1? What do I need to put in the Virtual IP address section, some other, real IPs from the 85.10.225.0/24 network?

Please help me, Obi-Wan, you're my only hope.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
