Multiple ftp servers behind pf with carp multi-ip

Alexandre Biancalana biancalana at gmail.com
Wed May 27 22:08:42 UTC 2009


Hi list,

I have two firewalls with 7.2-STABLE, PF and Carp for failover.

The machines have one physical interface dedicated to two internet
links (from different providers) and use two vlans on top of this
physical interface. Each vlan has one real ip address and a carp
interface with multiple real ip addresses for each vlan. I have three
ftp servers with invalid ip addresses behind the firewall that need to
be accessible from the internet.

Then I configured ftp-proxy in the following way:

ftp-proxy -a <internal_fw_ip> -b <ftp_external_ip> -p21 -R <ftp_internal_ip>

When ftp_external_ip is an ip associated with the carp interface, the
ftp connection is unstable: sometimes the connection is opened,
sometimes the connection is broken in the middle of the list command or
before entering the password. If I start the ftp-proxy command using as
ftp_external_ip the ip associated with the vlan interface, everything
works great.

These machines are in production, so I'm building a lab with virtual
machines to do some experiments and try to reproduce this.

Has anyone seen something like this before?

I can provide any additional information needed for help troubleshooting.

Best Regards,

Alexandre

