* Nick <[EMAIL PROTECTED]> [2005-11-11 03:34]:
> not really, if you understand the modular approach here.
>
> > My config:
> ...
>
> > Can anybody reproduce it, and has a solution for this problem?
> > Any help would be very nice! :-)
>
> Look at the pieces here:
> * CARP gives you redundancy on your INTERFACES...not your entire firewall.
> * pfsync keeps your firewall state tables in sync, so either machine can
>   take over.
>
> If you lose a box completely, your system is fine. If you lose one
> cable or one NIC or so on, you have a problem.
>
> What you need is something that will watch all interfaces and shut down
> ALL (forcing a COMPLETE fail-over) if something goes wrong with any.
>
> That's a third part of the CARP toolset: ifstated(8) and ifstated(5).

nononononononononononono

carp does that itself if preempt is enabled, if one interface becomes
backup the others go to advskew 240 (and thus to backup too if there
is a sane master around)

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
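
A simplified model of the failover behaviour described in the reply above, added here as an illustration; it is not part of the original thread and is not OpenBSD's code. The host names, interface labels and configured advskew values are constructed, and the election rule (lowest advertised advskew among hosts with a working link wins) is an assumption that leaves out advbase and timing.

```python
# Simplified model of CARP master election with and without preempt.
# Only the demotion value 240 comes from the thread; all else is constructed.
DEMOTED_ADVSKEW = 240


def effective_advskew(host, preempt):
    """Advskew the host advertises on each of its carp interfaces."""
    link_failed = any(not i["link_up"] for i in host["ifaces"].values())
    return {
        name: DEMOTED_ADVSKEW if (preempt and link_failed) else i["advskew"]
        for name, i in host["ifaces"].items()
    }


def elect_masters(hosts, preempt):
    """Return {carp interface: master host}; lowest advertised advskew wins."""
    masters = {}
    for name in sorted({n for h in hosts for n in h["ifaces"]}):
        candidates = [
            (effective_advskew(h, preempt)[name], h["name"])
            for h in hosts
            # A host whose link is down on this segment cannot be master there.
            if name in h["ifaces"] and h["ifaces"][name]["link_up"]
        ]
        masters[name] = min(candidates)[1] if candidates else None
    return masters


def make_cluster(fw1_ext_up=True):
    """Two firewalls, two carp interfaces each; fw1 is the preferred master."""
    def host(name, skew, ext_up):
        return {"name": name, "ifaces": {
            "carp_ext": {"advskew": skew, "link_up": ext_up},
            "carp_int": {"advskew": skew, "link_up": True},
        }}
    return [host("fw1", 0, fw1_ext_up), host("fw2", 100, True)]


if __name__ == "__main__":
    broken = make_cluster(fw1_ext_up=False)  # fw1 loses its external cable
    print("no preempt:", elect_masters(broken, preempt=False))  # split roles
    print("preempt:   ", elect_masters(broken, preempt=True))   # full failover
```

Without preempt the model reproduces the split state from the quoted message (fw2 master outside, fw1 still master inside); with preempt every interface moves to fw2 together.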