Fw: Carp & scp loosing connection

Fri, 21 Oct 2005 14:35:25 -0700 

Sorry all a soekris 4801 not rasta, my mistake.


Hi all,

I have 2 Rasta 4801 (3.7 current) as a master and backup carp. One solaris 10
server is behind them. When I try to scp a 600MB file from 1 solaris server
outside the network to the solaris server behind the net4801, I get "network
error: connection reset by peer" error.
If I halt the master carp and the backup becomes master, no problem all 600MB
gets transfered. If I also halt the backup and the master is running by
itself, no problem either.
I then went ahead and deleted the file and rebooted the the master, the
current Master switched to backup, and I did the copy a "network error:
connection reset by peer" showed up.

So far its a either this or that running but not both, I'm completely lost here.

My pf.conf file on both machines are identical.

Thank you.

/etc/pf.conf
-----------------
ext_if="sis0"
int_if="sis1"
ext_net="104.83.19.0/24"
int_net="172.16.0.0/24"

carp5="carp5"

ross="172.16.0.3"
ross_int_webzone="172.16.0.4"

tcp_services="{22, 80}"
dns_services="{53}"

set timeout interval 10
set timeout frag 30
set block-policy return
set loginterface sis0
set skip on lo0

# scrub in all

nat on $ext_if from $int_net to any -> $ext_if static-port

rdr on $ext_if proto tcp from any to $carp5 port 22 -> $ross_int_webzone port 22

# Deny all packets
block in on sis0 all

pass in quick on $int_if all
pass out quick on $int_if all

pass in quick on $ext_if inet proto tcp from any to any port $tcp_services
flags S/SA keep state
pass out quick on $ext_if inet proto tcp from any to any port $tcp_services
flags S/SA keep state

pass in quick on $carp5 inet proto tcp from any to any port $tcp_services keep
state
pass out quick on $carp5 inet proto tcp from any to any port $tcp_services
keep state

pass quick on lo0 all

pass quick on { sis2 } proto pfsync
pass in quick on { sis0 sis1 } proto carp keep state

# Filter rules for sis0 outbound
block out on sis0 all

# pass in all
# pass out all

My master carp has the following:
---------------------------------
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 0 104.83.19.244
netmask 255.255.255.0

My backup carp has the following:
---------------------------------
 ifconfig carp5 create
 ifconfig carp5 vhid 5 carpdev sis0 pass netpasswd advskew 128 104.83.19.244
netmask 255.255.255.0
------- End of Forwarded Message -------

Reply via email to