[pf4freebsd] Re: pfsync
josh.kayse at gmail.com
Mon Nov 29 16:33:09 PST 2004
On Mon, 29 Nov 2004 20:19:49 +0100, Max Laier <max at love2party.net> wrote:
> On Monday 29 November 2004 20:06, Josh Kayse wrote:
> > I don't know if you are still interested in updates, but I have run
> > the pfsync patch on FreeBSD 5.3 and it seems to be working great.
> > Keep up the great work :)
> I *am* interested in details. It's also part of the ongoing CARP patchset and
> I'll likely commit them in one go.
> Can you please tell me some details about how you tested? Are you peering two
> FreeBSD boxes or Free- and OpenBSD or something completely different?
> /"\  Best regards,                      | mlaier at freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
I'm peering between two FreeBSD boxes in a bridged firewall mode.
It's successful enough for me to fail over between the two without
losing TCP sessions so far. I still have some more testing to go, but
I'd say it's working well.

Exact details of setup:
2 FreeBSD 5.3 boxes cvsup'd against RELENG_5 and rebuilt as of Sunday
(with the patch of course)
3 interfaces: em0, em1, xl0
pfsync over xl0
em1 has a public IP address
em0 has no address
using a patched version of freevrrpd to handle failovers
(don't like having all the multicast packets flying around, and didn't
want to rely on smart switches to handle the loop)
works well so far

If you want any other information, let me know; I'll be glad to work with you.
Keep up the great work