From owner-freebsd-stable@FreeBSD.ORG Tue Nov 8 16:31:12 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50B4916A41F for ; Tue, 8 Nov 2005 16:31:12 +0000 (GMT) (envelope-from rihad@mail.ru) Received: from mx2.mail.ru (mx2.mail.ru [194.67.23.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB02643D46 for ; Tue, 8 Nov 2005 16:31:11 +0000 (GMT) (envelope-from rihad@mail.ru) Received: from [62.212.229.5] (port=37590 helo=[62.212.229.5]) by mx2.mail.ru with esmtp id 1EZWNG-0001AP-00; Tue, 08 Nov 2005 19:31:06 +0300 Message-ID: <4370D2CA.6040301@mail.ru> Date: Tue, 08 Nov 2005 20:31:06 +0400 From: rihad User-Agent: Debian Thunderbird 1.0.2 (X11/20051002) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <20051108102849.C0A4016A444@hub.freebsd.org> In-Reply-To: <20051108102849.C0A4016A444@hub.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: sarxan@azerin.com Subject: Re: Fwd: carp + ipfw problem X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Nov 2005 16:31:12 -0000 > Hello all, > > I'm trying to configure a firewall with carp + ipfw, but I encountered the > strange problem. > > Packets are bypassing carp interface, instead ipfw log shows packet flow > to/from physical interface, e.g.: > http://www.countersiege.com/doc/pfsync-carp/ "it is important to keep in mind that from pf's perspective, all traffic comes from the physical interface, even if it is routed through the carp address. However, the address is of course associated with the carp interface."