Thanks!
Indeed I did have:
${fwcmd} 140 allow all from $CARP-PEER_physical_interface to any via
$local_external_interface
But it alone doesn't seem to be enough, sometimes it work but sometimes it
doesn't. with tcpdump, sometimes I can't see the VRRPv2 advertisement.
So now i added:
${fwcmd} 150 allow all from any to 224.0.0.18 vi $local_external_interface
now it seem to be working perfect.
--- On Wed, 3/18/09, Nikos Vassiliadis <[email protected]> wrote:
> From: Nikos Vassiliadis <[email protected]>
> Subject: Re: ipfw and carp
> To: [email protected]
> Cc: "freebsd general questions" <[email protected]>
> Date: Wednesday, March 18, 2009, 1:21 AM
> gahn wrote:
> > Did any one use ipfw with CARP before? is there
> anything specific
> > about ipfw configurations working with CARP? I have
> two servers and
> > they configured with CARP. they are working fine
> except i can't turn
> > on ipfw.
>
> Did you add the rules needed to let CARP traffic in and out
> of the
> boxes?
>
> ipfw denies everything by default. So, you have to
> explicitly
> let CARP traffic through. Something like "allow carp
> from any
> to any" would do for a quick test.
>
> Nikos
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
