carp + pfsync + pf

Ronald Chan
Sun Apr 20 06:58:15 UTC 2008


Hi! Good day. My first post to this list was unreadable, possibly due
to a Yahoo bug, so here it goes: I have been tasked to set up a
redundant firewall. Setting up carp + pfsync was a breeze, even though
the carpdev option is not present in FreeBSD as of this time.

My preliminary test shows that through simulation (yanking the cable
and so on), the secondary firewall successfully takes over from the
primary and the firewall state is synced via crossover cable on both
machines.

pfctl -s s shows both machines have a common state, but the problem is
that the connection dies unexpectedly on the client side during simulation.

Note: On OpenBSD the same setup and configuration was made and it's
working perfectly without a hitch, though it's a different machine.

Can someone please shed some light on this? Thanks in advance to all.

Best regards,

Ronald Chan

