On Sun, Oct 17, 2004 at 08:21:56PM -0700, Yuri wrote:
> Heyo
>
> I have a failover firewall setup with 2 boxes using CARP. Everything
> works ok, but I have a question about ftp-proxy...
>
> Box #1 has external ip: 100.100.100.2 and internal ip: 10.0.0.2
> Box #2 has external ip: 100.100.100.3 and internal ip: 10.0.0.3
> They both share external CARP address 100.100.100.1 and internal CARP:
> 10.0.0.1
>
> All requests that come from internal network, go out on CARP address so
> from outside you see that all requests are coming from 100.100.100.1:
> nat on $ext_if from $internal_net to any -> $external_carp
>
> All active ftp requests that use ftp-proxy are taken care of by this:
> 1) rdr on $carp_int proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> 2) pass in on $ext_if inet proto tcp from any to $carp_ext user proxy keep state
>
> But when I do that, the ftp requests are coming from Box #1's external
> interface (100.100.100.2) and not the CARP address (100.100.100.1),
> and when the second box takes over they're coming from 100.100.100.3
>
> Is there any way I can force all the outgoing active ftp requests to come
> from the CARP address (100.100.100.1) instead? If so, what changes do I need
> to make in the pf/carp/ftp-proxy setup...?
man 8 ftp-proxy
says:

     -a address
             Specify the local IP address to use in bind(2) as the
             source for connections made by ftp-proxy when connecting
             to destination FTP servers.

-j
--
Jason Opperisano <[EMAIL PROTECTED]>
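
The bind(2)-before-connect(2) step that the -a text describes, as an added example (not code from this thread or from ftp-proxy): the listener sees a kernel-chosen source address unless the client binds one first. The name observed_source and the address 127.0.0.2 (a constructed stand-in for the shared CARP address) are assumptions, and the demo assumes a Linux-style loopback where all of 127.0.0.0/8 is local.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build an IPv4 sockaddr with port 0, so the kernel picks the port. */
static struct sockaddr_in mkaddr(const char *ip)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Connect to a throwaway listener on 127.0.0.1 and store in `seen` the source
 * address it observes. A non-NULL bind_ip is bound first. Returns 0 if ok. */
int observed_source(const char *bind_ip, char *seen, socklen_t seenlen)
{
    struct sockaddr_in srv = mkaddr("127.0.0.1"), src, peer;
    socklen_t len = sizeof(srv), plen = sizeof(peer);
    int rc = -1, conn = -1, cli = -1, lsn = socket(AF_INET, SOCK_STREAM, 0);
    if (lsn < 0) return -1;
    if (bind(lsn, (struct sockaddr *)&srv, sizeof(srv)) < 0 || listen(lsn, 1) < 0 ||
        getsockname(lsn, (struct sockaddr *)&srv, &len) < 0) goto out;
    if ((cli = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto out;
    if (bind_ip != NULL) {  /* pin the source; otherwise the kernel chooses it */
        src = mkaddr(bind_ip);
        if (bind(cli, (struct sockaddr *)&src, sizeof(src)) < 0) goto out;
    }
    if (connect(cli, (struct sockaddr *)&srv, sizeof(srv)) < 0) goto out;
    if ((conn = accept(lsn, (struct sockaddr *)&peer, &plen)) < 0) goto out;
    if (inet_ntop(AF_INET, &peer.sin_addr, seen, seenlen) != NULL) rc = 0;
out:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    close(lsn);
    return rc;
}

int main(void)
{
    char a[INET_ADDRSTRLEN] = "error", b[INET_ADDRSTRLEN] = "error";
    observed_source(NULL, a, sizeof(a));        /* no bind: kernel-chosen source */
    observed_source("127.0.0.2", b, sizeof(b)); /* constructed stand-in address */
    printf("unbound: %s\nbound:   %s\n", a, b);
}
```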