pf + carp issue
randall ehren
randall at ucsb.edu
Wed Apr 27 23:16:58 PDT 2005
> everything works just fine except for one problem, i cannot get my carp0
> device properly configured via a ifconfig_carp0 entry in /etc/rc.conf.
well, a couple hours later i managed to fix the problem, how exactly i
still do not know.
i did two things at once:
1) i changed my em0 interface from DHCP to use a static address
2) i added the following line to my /etc/rc.conf:
network_interfaces="lo0 em0 em1 carp0 pfsync0"
so it was one thing or another, at this point it works so that's all i
care about.
also of interest is that if you run an SSH server on your virtual
(carp0) interface, then you need to have a pf ruleset for that device:
from /etc/pf.conf:
pass in quick inet proto tcp from any to $ext_if port 22 flags S/SA keep state
pass in quick inet proto tcp from any to $carp_if port 22 flags S/SA keep state
i'll do a writeup of all this tomorrow and post a link to the list,
currently the only example online is for openbsd so it'd be nice to have
a freebsd version.
thanks to all those who got PF and CARP running on freebsd, it's opening up
a lot of doors for what we can do within our server environment.
-randall
--
:// randall s. ehren :// voice 805.893.5632
:// systems administrator :// isber|survey|avss.ucsb.edu
:// institute for social, behavioral, and economic research