I can't get failover of a bridging firewall to work using CARP and OpenBSD 3.7.
All the documentation + googling I've done leads me to believe it *should* work. I think. But with everything set up all I get is a flood of ARP requests that paralyze the network and the firewalls.

The setup: Two computers, each with 4 Ethernet ports:

    fxp0 -- WAN -- no IP address
    rl0 -- LAN -- no IP address
    rl1 -- SSH -- public IP address
    rl2 -- pfsync -- directly connected to other computers, IPs are 10.0.0.1 and 10.0.0.2.

fxp0, rl0, rl1 all work fine. bridgename.bridge0 works fine (the bridges work great on each computer individually), tcpdump indicates that pfsync (hostname.pfsync0) works fine too.

In addition to settings needed for bridging, net.inet.carp.preempt=1 and net.inet.carp.log=1 are set.

Here are my carp settings for the primary firewall:

    hostname.carp0:
    up vhid 1 carpdev fxp0 pass passxxxx advbase 3

    hostname.carp1:
    up vhid 2 carpdev rl0 pass passyyyy advbase 3

and for the secondary:

    hostname.carp0:
    up vhid 1 carpdev fxp0 pass passxxxx advbase 3 advskew 100

    hostname.carp1:
    up vhid 2 carpdev rl0 pass passyyyy advbase 3 advskew 100

I tried adding a publicly-routable IP address to carp0 and carp1, but I got a "couldn't set this IP address" error from those two interfaces when I ran netstart. Or should I use a non-routable IP here?

pf.conf consists of just:

    set loginterface fxp0
    pass all keep state

Network looks like:

                                         --------firewall A -----
T1 --> crappy 8-port unmanaged switch --|                        | --- unmanaged switch
                                         --------firewall B -----

Any help would be much appreciated!

Ramsey