Date: Wed, 10 Dec 2008 14:12:02 +0200
From: Alexander Vyrlanovich <iskander@apple-park.kiev.ua>
To: freebsd-pf@freebsd.org
Subject: Does pfsync work with route-to/reply-to rules?
Message-ID: <1A5D8974-8BEE-4998-B029-737E32DB3C83@apple-park.kiev.ua>

Hello All,

I have two firewalls with CARP + pfsync for failover.

#uname -mrs:
FreeBSD 7.1-PRERELEASE i386
sources from Nov 24

Three ISPs are connected; the default route points to ISP1. I use the pf "route-to" option to forward some traffic via ISP2 and ISP3.

The problem: When the backup firewall becomes a master, all packets forwarded via ISP2 and ISP3 which have a state in the state table go to ISP1 (default route) and of course are blocked by pf on the outgoing interface. Moreover, those packets bypass nat rules and try to go out as is. Looks like pfsync loses routing information.

Can somebody confirm this?

Alexander Vyrlanovich
System Administrator