from a firewall's
state table?
I have done some digging (OpenBSD pf FAQ, Google etc) but if anyone can
point out any docs for me to RTFM then please do. I'm wearing my asbestos
underwear ;)
yours,
Neil S.
Hi Henning,
It's ok. I have CARP redundancy working in a routed environment. The former
I did was a NAT environment and failover on CARP worked great too. :)
Henning Brauer writes:
* Neil <[EMAIL PROTECTED]> [2005-10-05 00:10]:
So are you saying that failover will still work
Disregard, I got it working!
Neil writes:
I've attached a link so you can understand what I'm talking about
http://restricted.dyndns.org/target/fw-failover.gif
My real confusion is that if I use 209.242.x.102 as carp interface for
both of the firewalls lan card, and the we
t think it will work. What is the solution to this kind of scenario?
Will RDR work for the same subnet?
Neil writes:
hey guys,
I'm in confusion. I'm planning to install a new firewall by changing
the FreeBSD ipf with OpenBSD's pf. However, with the current ip addresses
th
network block, how will I be able to use this ip address as carp ip
address?
I would like to retain the settings but still be able to take advantage of
firewall failover via pf/carp and pfsync. Is this possible with my situation
or do I really have to change the ip addressing?
Thanks,
Neil
So are you saying that failover will still work on a route setup?
ed writes:
On Mon, 03 Oct 2005 23:19:30 -0500
"Neil" <[EMAIL PROTECTED]> wrote:
Hey guys,
What will I change in pf.conf if I'm not going to use NAT anymore?
It's because, the current setup of
ven if one firewall
goes down or cables get disconnected.
Here is my pf.conf in my test setup. Let's just assume that the ip addresses
and subnets below are routable.
Thanks,
Neil
---pf.conf
ext_if="fxp1"
int_if="xl0"
pfsync_if="fxp0"
carp_interfaces
Hi Jason,
I would like to try your #1 suggestion but unfortunately, I don't know where
to start. What are the programs I need? What configuration? Is there any
existing sample configuration on a link that I can follow?
Thanks for explaining this in great detail.
Neil
Jason Dixon w
nside and that is
working well. :)
Neil writes:
Hi Joel,
I just created a new email post. :)
Thanks,
neil
j knight writes:
Neil wrote:
Yup that did the fix for the inbound. Now, I tried connecting to an ssh
server from the internal machine to the external machine running op
Hi Joel,
I just created a new email post. :)
Thanks,
neil
j knight writes:
Neil wrote:
Yup that did the fix for the inbound. Now, I tried connecting to an ssh
server from the internal machine to the external machine running openssh
and I disconnected the cable, however, the ssh
first one. It's awesome! :D
j knight writes:
Neil wrote:
Ok guys. I will do it tonight once I reach home. I will also send my
pf.conf file.
Also, does it matter since I have different interfaces on FW1 and FW2?
FW1, xl0, fxp0 and fxp1
FW2: rl0, fxp0 and ne3
You're using 'set
Please let me know what you find.
Thanks in advance,
Neil
Matt Rowley writes:
I got pf and carp working together. However, I have noticed that TCP
oriented applications don't recover well when I disconnect a
cable. I set up a netcat listener on a machine inside the network.
Ok guys. I will do it tonight once I reach home. I will also send my pf.conf
file.
Also, does it matter since I have different interfaces on FW1 and FW2?
FW1, xl0, fxp0 and fxp1
FW2: rl0, fxp0 and ne3
Thanks guys! ;)
Neil
Matt Rowley writes:
I got pf and carp working together
pf state tables
not being sent to the backup firewall.
Please help.
Thanks,
Neil
Neil writes:
Hi guys,
I'm very new to carp. I used openbsd and pf about 2 yrs so I have
forgotten it too. Anyways, I just finished building 2 machines with 3 nics
on each machine. I got CARP work
bad or cable
gets disconnected, what happens?
5. Other than this setup, is there anything that I can add to make it much
more reliable?
Thanks in advance!
Neil