On Sun, Oct 17, 2004 at 08:21:56PM -0700, Yuri wrote:
> Heyo
>
> I have a failover firewall setup with 2 boxes using CARP. Everything
> works ok, but I have a question about ftp-proxy...
>
> Box #1 has external ip: 100.100.100.2 and internal ip: 10.0.0.2
> Box #2 has external ip: 100.100.100.3 and internal ip: 10.0.0.3
> They both share external CARP address 100.100.100.1 and internal CARP:
> 10.0.0.1
>
> All requests that come from internal network, go out on CARP address so
> from outside you see that all requests are coming from 100.100.100.1:
> nat on $ext_if from $internal_net to any -> $external_carp
>
> All active ftp requests that use ftp-proxy are taken care of by this:
> 1) rdr on $carp_int proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> 2) pass in on $ext_if inet proto tcp from any to $carp_ext user proxy keep state
>
> But when I do that, the ftp requests are coming from Box #1's external
> interface (100.100.100.2) and not the CARP address (100.100.100.1),
> and when the second box takes over they're coming from 100.100.100.3
>
> Is there any way I can force all the outgoing active ftp requests to come
> from the CARP address (100.100.100.1) instead? If so, what changes do I need
> to make in the pf/carp/ftp-proxy setup...?

man 8 ftp-proxy says:

     -a address
             Specify the local IP address to use in bind(2) as the source for
             connections made by ftp-proxy when connecting to destination FTP
             servers.

-j

--
Jason Opperisano <[EMAIL PROTECTED]>