Re: binding services on carp
I got it, for those who don't know, you have to bind to the carp adresse but with a specific pf entry. rdr on $ExtIf proto tcp from any to carp0 port ftp tag FTPROXY -> lo0 port 8021 pass in log on $ExtIf inet proto tcp from any to lo0 port 8021 flags S/SA keep state tagged FTPROXY Works like a charm ! Gotta love OpenBSD ! "Nonviolence means avoiding not only external physical violence but also internal violence of spirit. You not only refuse to shoot a man, but you refuse to hate him". Rev. Martin Luther King Jr. On Wed, May 27, 2009 at 8:25 AM, Stephan A. Rickauer wrote: > On Tue, 2009-05-26 at 16:18 -0400, uday wrote: >> Hey guys, >> >> A quick question, is there a way to bind services to the carp >> interface ? You see I have an ftp-proxy running and I wanted to use >> carp since I'm already doing fail-over with PF. >> >> FTP client --> Redundant Firewall w/ftp-proxy --> Internal FTP-SERVER > > man ftp-proxy, see -a flag.
Re: binding services on carp
On Tue, 2009-05-26 at 16:18 -0400, uday wrote: > Hey guys, > > A quick question, is there a way to bind services to the carp > interface ? You see I have an ftp-proxy running and I wanted to use > carp since I'm already doing fail-over with PF. > > FTP client --> Redundant Firewall w/ftp-proxy --> Internal FTP-SERVER man ftp-proxy, see -a flag.
binding services on carp
Hey guys, A quick question, is there a way to bind services to the carp interface ? You see I have an ftp-proxy running and I wanted to use carp since I'm already doing fail-over with PF. FTP client --> Redundant Firewall w/ftp-proxy --> Internal FTP-SERVER HTTP Client --> Redundant Firewall w/ Relayd --> Internal Apache Servers If carp is not suitable, does anyone have any experience implementing something like this ? Thanks for tips. UM "Nonviolence means avoiding not only external physical violence but also internal violence of spirit. You not only refuse to shoot a man, but you refuse to hate him". Rev. Martin Luther King Jr.
