* mxb <m...@alumni.chalmers.se> [2013-07-03 17:33]:
> States ARE synced.
> IPs are not the same on node1 and node2 for external. When you
> initiated the connection to ftp.fr, you did it via node1 with its external
> IP. On node2 those packets will be DROPPED as those do not belong to
> the external NIC on node2 (IP)

again, WRONG.

you are caught in your tiny little NATing home firewall scenario. and
since the OP said BGP, NAT isn't all that likely there.

surprise, surprise: OpenBSD and pf are capable of, good for and
actually used (a lot!) for MUCH more, including way bigger setups.
Including many that I manage or have helped with, besides the
99.999....% I've never seen or heard of.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
