I have 2 OpenBSD 4.0beta firewalls arranged in a CARP failover configuration with PFsync.
It seems to work very well for everything except NFS. My ssh, remote desktop and telnet connections seem to survive a failover very nicely. Unfortunately we do a little NFS and have Linux clients on one side and a NetApp on one of the other interfaces. The Linux clients are all Fedora 5 making hard interruptible mounts using TCP, with the NetApp set to NFS version 3.

When there is a failover, any NFS file copy operation hangs, and in fact the whole mount seems to hang and not come back even if I fail back to the first firewall. I can, however, immediately create a new mount.

I can't find anything on the net about this. All I can find is info about clustered OpenBSD NFS servers. Is there something I can do on the NFS side of things, or anything on the PF config side? Would mounts using UDP have this issue? Would NFS 4 be the solution? Unfortunately we only have one NetApp and it's live, so experimenting is awkward. I was hoping I wasn't the first to try and do NFS across a redundant OpenBSD firewall. This is an internal firewall between departments, not across the public internet!

Any help or suggestions would be much appreciated.

All the best,
Sincerely,
Alastair Johnson