From owner-freebsd-pf@FreeBSD.ORG Wed Dec 30 07:04:24 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 09AF41065672 for ; Wed, 30 Dec 2009 07:04:24 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.210.171]) by mx1.freebsd.org (Postfix) with ESMTP id C80B48FC13 for ; Wed, 30 Dec 2009 07:04:23 +0000 (UTC) Received: by yxe1 with SMTP id 1so10836846yxe.3 for ; Tue, 29 Dec 2009 23:04:21 -0800 (PST) Received: by 10.101.7.35 with SMTP id k35mr26661234ani.179.1262156660915; Tue, 29 Dec 2009 23:04:20 -0800 (PST) Received: from kkPC (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 22sm12618854iwn.12.2009.12.29.23.04.19 (version=SSLv3 cipher=RC4-MD5); Tue, 29 Dec 2009 23:04:19 -0800 (PST) From: "kevin" To: Date: Wed, 30 Dec 2009 02:03:41 -0500 Message-ID: <012c01ca891e$393e7860$abbb6920$@com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 12.0 thread-index: AcqJHjgxhmlrHHwPQNOvY9Mq2lfrKw== Content-Language: en-us Subject: carpdev : bad value? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Dec 2009 07:04:24 -0000 Hello, I am currently evaluating high availability firewalls with carp (7.2-RELEASE, PF) and have run into a problem that I would hope someone here can explain for me. According to OpenBSD's documentation on CARP, they allow an ifconfig carp directive called 'carpdev', which allows you to manually specify which physical interface you want to be associated with the redundancy group. By default, according to the documentation, carp determines which interface to add depending on if the carp assigned IP is in the same subnet. Unfortunately, am having trouble implementing this directive : # ifconfig carp0 vhid 1 pass password advskew 100 carpdev rl0 192.168.1.70/32 255.255.255.0 ifconfig: carpdev: bad value The reason I need to manually specify this directive is because there will be multiple physical interfaces that are on the same subnet, but would either be on the inside or outside interfaces from the firewall perspective. Unfortunately, the FreeBSD documentation actually omits any mentioning of the carpdev directive so I thought maybe someone here could enlighten me as to why I cant manually specify the physical interface. This has been attempted on 7.1-PRERELEASE as well as 7.2-RELEASE. Thanks in advance! Kevin