Date: Wed, 27 Apr 2005 23:16:51 -0700
From: randall ehren <randall@ucsb.edu>
To: randall ehren <randall@ucsb.edu>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + carp issue
Message-ID: <42707FD3.1010308@ucsb.edu>
In-Reply-To: <Pine.BSF.4.33.0504271437320.44594-100000@isber.ucsb.edu>
References: <Pine.BSF.4.33.0504271437320.44594-100000@isber.ucsb.edu>
> everything works just fine except for one problem, i cannot get my carp0
> device properly configured via a ifconfig_carp0 entry in /etc/rc.conf.
well, a couple hours later i managed to fix the problem, how exactly i
still do not know.
i did two things at once:
1) i changed my em0 interface from DHCP to use a static address
2) i added the following line to my /etc/rc.conf:
network_interfaces="lo0 em0 em1 carp0 pfsync0"
so it was one thing or another, at this point it works so that's all i
care about.
also of interest is that if you run an SSH server on your virtual
(carp0) interface, then you need to have a pf ruleset for that device:
from /etc/pf.conf:
pass in quick inet proto tcp from any to $ext_if port 22 flags S/SA keep state
pass in quick inet proto tcp from any to $carp_if port 22 flags S/SA keep state
i'll do a writeup of all this tomorrow and post a link to the list,
currently the only example online is for openbsd so it'd be nice to have
a freebsd version.
thanks to all those who got PF and CARP running on freebsd, it's opening up
a lot of doors for what we can do within our server environment.
-randall
--
:// randall s. ehren :// voice 805.893.5632
:// systems administrator :// isber|survey|avss.ucsb.edu
:// institute for social, behavioral, and economic research
