Hi All,

I'm running two Soekris net4801 boxes on 3.7-current in a test environment as a
firewall/CARP pair.

I'd prefer fw1 to be the master and fw2 the backup.

The configuration is as follows: sis2 is connected back to back, sis1 is
my LAN, and sis0 is the WAN:

fw1
---
sysctl -w net.inet.carp.preempt=1

ifconfig sis0 144.23.11.240 netmask 255.255.255.0
ifconfig sis1 172.16.0.1 netmask 255.255.255.0
ifconfig sis2 10.10.10.1 netmask 255.255.255.0

ifconfig pfsync0 syncdev sis2
ifconfig pfsync0 up

ifconfig carp7 create
ifconfig carp7 vhid 7 carpdev sis0 pass netpasswd advskew 50 144.23.11.246 netmask 255.255.255.0


fw2
---
sysctl -w net.inet.carp.preempt=1

ifconfig sis0 144.23.11.249 netmask 255.255.255.0
ifconfig sis1 172.16.0.1 netmask 255.255.255.0
ifconfig sis2 10.10.10.1 netmask 255.255.255.0

ifconfig pfsync0 syncdev sis2
ifconfig pfsync0 up

ifconfig carp7 create
ifconfig carp7 vhid 7 carpdev sis0 pass netpasswd advskew 128 144.23.11.246 netmask 255.255.255.0

pf.conf
-------
*snip*
ext_if="sis0"
ross_int_dnszone="172.16.0.7"

rdr on $ext_if proto tcp from any to $carp7 port 22 -> $ross_int_dnszone port 22

pass quick on { sis2 } proto pfsync
pass on { sis0 sis1 } proto carp keep state

*snip*
Now if I do an ifconfig -a, this is what I see for carp7 on fw2 (the backup firewall):

carp7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev sis0 vhid 7 advbase 1 advskew 128
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255

and carp7 on fw1 (the intended master firewall):

carp7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev sis0 vhid 7 advbase 1 advskew 50
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255
I have two questions I hope someone can help with:

1) How can I make fw1 the master? I thought that by going with the default
advskew of 0, fw1 would be the master.
2) When I reboot fw2, carp7 on fw1 becomes master. However, if I issue the
command "ifconfig carp7 down", although carp7 on fw1 becomes MASTER and fw2
goes into INIT, I can no longer access "$ross_int_dnszone" using ssh.

fw2 # ifconfig carp7 down
fw2 # ifconfig carp7
carp7: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        carp: INIT carpdev sis0 vhid 7 advbase 1 advskew 128
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255
fw1 # ifconfig carp7
carp7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev sis0 vhid 7 advbase 1 advskew 50
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255
Thanks
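An added check, not part of the original post: a POSIX shell snippet that parses the "carp:" line of `ifconfig carpN` output (the two samples embedded below are copied from the post) and reports whether the host currently holding MASTER is the one with the lower advskew. CARP elects the node that advertises most often, which for a common advbase is the node with the lowest advskew, so with net.inet.carp.preempt=1 the lower-skew host is the one expected to be MASTER. The function names (carp_state, carp_field, expected_master, check_election) are my own, not anything from OpenBSD or the post.

```shell
#!/bin/sh
# Added example (not from the original post): check that the CARP MASTER is
# the host with the lower advskew, which is the host expected to win the
# election when net.inet.carp.preempt=1.

# Sample "ifconfig carp7" output, copied from the post (constructed test data).
FW1_IFCONFIG='carp7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev sis0 vhid 7 advbase 1 advskew 50
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255'

FW2_IFCONFIG='carp7: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev sis0 vhid 7 advbase 1 advskew 128
        groups: carp
        inet 144.23.11.246 netmask 0xffffff00 broadcast 144.23.11.255'

# carp_state OUTPUT -> MASTER, BACKUP or INIT (second word of the "carp:" line)
carp_state() {
    printf '%s\n' "$1" | awk '$1 == "carp:" { print $2; exit }'
}

# carp_field OUTPUT NAME -> the value following NAME on the "carp:" line
# (NAME is one of carpdev, vhid, advbase, advskew)
carp_field() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "carp:" {
            for (i = 3; i < NF; i++) if ($i == name) { print $(i + 1); exit }
        }'
}

# expected_master SKEW_A SKEW_B -> A, B or TIE.  The node with the lower
# advskew advertises more often and therefore wins the election.
expected_master() {
    if [ "$1" -lt "$2" ]; then echo A
    elif [ "$2" -lt "$1" ]; then echo B
    else echo TIE
    fi
}

# check_election OUTPUT_A OUTPUT_B -> prints "ok" (status 0) when the host
# that should be MASTER is MASTER and the other is BACKUP; otherwise prints
# a one-line reason and returns 1.
check_election() {
    sa=$(carp_state "$1"); sb=$(carp_state "$2")
    ka=$(carp_field "$1" advskew); kb=$(carp_field "$2" advskew)
    va=$(carp_field "$1" vhid); vb=$(carp_field "$2" vhid)
    if [ -z "$ka" ] || [ -z "$kb" ] || [ -z "$va" ] || [ -z "$vb" ]; then
        echo "could not parse a carp: line"; return 1
    fi
    if [ "$va" != "$vb" ]; then
        echo "vhid mismatch ($va vs $vb): these are not the same CARP group"; return 1
    fi
    case $(expected_master "$ka" "$kb") in
        A) want_a=MASTER; want_b=BACKUP ;;
        B) want_a=BACKUP; want_b=MASTER ;;
        *) echo "equal advskew ($ka): preference is not expressed by advskew"; return 1 ;;
    esac
    if [ "$sa" = "$want_a" ] && [ "$sb" = "$want_b" ]; then
        echo ok; return 0
    fi
    echo "mismatch: A is $sa (advskew $ka), B is $sb (advskew $kb); expected A=$want_a B=$want_b"
    return 1
}

# Usage on the two samples above; the "if" keeps a failing check from
# aborting the script when it is run under "set -e".
if result=$(check_election "$FW1_IFCONFIG" "$FW2_IFCONFIG"); then
    echo "fw1 vs fw2: $result"
else
    echo "fw1 vs fw2: $result" >&2
fi
```

On the outputs pasted above the check reports a mismatch (fw2 holds MASTER with advskew 128 while fw1 sits in BACKUP with advskew 50); with the two states swapped it reports ok. To check a live pair, feed it the actual `ifconfig carp7` output of each host instead of the embedded samples, and keep in mind that the check only says what the advskew values predict, not why the election went the other way.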
