[pf4freebsd] Re: pfsync

Josh Kayse josh.kayse at gmail.com
Mon Nov 29 16:33:09 PST 2004

On Mon, 29 Nov 2004 20:19:49 +0100, Max Laier <max at love2party.net> wrote:
> On Monday 29 November 2004 20:06, Josh Kayse wrote:
> > I don't know if you are still interested in updates, but I have run
> > the pfsync patch on FreeBSD 5.3 and it seems to be working great.
> > Keep up the great work :)
> I *am* interested in details. It's also part of the ongoing CARP patchset and
> I'll likely commit them in one go.
> Can you please tell me some details about how you tested? Are you peering two
> FreeBSD boxes or Free- and OpenBSD or something completely different?
> TIA.
> --
> /"\  Best regards,                      | mlaier at freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

I'm peering between two FreeBSD boxes in a bridged firewall mode.
It's successful enough for me to fail over between the two without
losing TCP sessions so far.  I still have some more testing to go, but
I'd say it's working well.

Exact details of setup:
2 FreeBSD 5.3 boxes cvsup'd against RELENG_5 and rebuilt as of Sunday
(with the patch of course)
3 Interfaces, em0, em1, xl0
pfsync over xl0
em1 has a public IP address
em0 has no address
using a patched version of freevrrpd to handle failovers
(don't like having all the multicast packets flying around, and didn't
want to rely on smart switches to handle the loop)
works well so far

If you want any other information, let me know; I'll be glad to work with you.

Keep up the great work


Joshua Kayse
Computer Engineering
