ipfw and carp

[gahn]

Thanks!

Indeed I did have:

${fwcmd} 140 allow all from $CARP-PEER_physical_interface to any via $local_external_interface

But it alone doesn't seem to be enough, sometimes it work but sometimes it doesn't. with tcpdump, sometimes I can't see the VRRPv2 advertisement.

So now i added:

${fwcmd} 150 allow all from any to 224.0.0.18 vi $local_external_interface

now it seem to be working perfect.




--- On Wed, 3/18/09, Nikos Vassiliadis <nvass9573 at gmx.com> wrote:

> From: Nikos Vassiliadis <nvass9573 at gmx.com>
> Subject: Re: ipfw and carp
> To: ipfreak at yahoo.com
> Cc: "freebsd general questions" <freebsd-questions at freebsd.org>
> Date: Wednesday, March 18, 2009, 1:21 AM
> gahn wrote:
> > Did any one use ipfw with CARP before? is there
> anything specific
> > about ipfw configurations working with CARP? I have
> two servers and
> > they configured with CARP. they are working fine
> except i can't turn
> > on ipfw.
> 
> Did you add the rules needed to let CARP traffic in and out
> of the
> boxes?
> 
> ipfw denies everything by default. So, you have to
> explicitly
> let CARP traffic through. Something like "allow carp
> from any
> to any" would do for a quick test.
> 
> Nikos
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"