hi
still looking for an answer to the following question
hi all
i have configured two firewalls with carp.
i have connectivity to the internet and the firewalls fail over properly.
when i check the carp states on each firewall, the slave reports that its
wan carp interface (carp2 on em0) is in the master state, the same as on the
master firewall, while the slave's lan carp interface (carp1 on em1) is in
the backup state.
is this normal, or should both carp interfaces be in backup on the slave?
shadrock


master firewall
/etc/hostname.carp1
inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 pass pass1

/etc/hostname.carp2
inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 pass pass2

/etc/hostname.em0
inet 192.168.5.2 255.255.255.0

/etc/hostname.em1
inet 10.5.5.2 255.255.255.0 NONE

/etc/hostname.bge0
inet 172.16.0.2 255.255.255.0 NONE

/etc/hostname.pfsync0
up syncdev bge0


ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 33196
          priority: 0
          groups: lo
          inet6 ::1 prefixlen 128
          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
          inet 127.0.0.1 netmask 0xff000000
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:18:8b:60:7b:06
          priority: 0
          media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause)
          status: active
          inet 172.16.0.2 netmask 0xffffff00 broadcast 172.16.0.255
          inet6 fe80::218:8bff:fe60:7b06%bge0 prefixlen 64 scopeid 0x1
em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:04:23:df:6b:a4
          priority: 0
          groups: egress
          media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
          status: active
          inet 192.168.5.2 netmask 0xffffff00 broadcast 192.168.5.255
          inet6 fe80::204:23ff:fedf:6ba4%em0 prefixlen 64 scopeid 0x2
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:04:23:df:6b:a5
          priority: 0
          media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
          status: active
          inet 10.5.5.2 netmask 0xffffff00 broadcast 10.5.5.255
          inet6 fe80::204:23ff:fedf:6ba5%em1 prefixlen 64 scopeid 0x3
enc0: flags=41<UP,RUNNING>
          priority: 0
          groups: enc
          status: active
pfsync0: flags=41<UP,RUNNING>  mtu 1500
          priority: 0
          pfsync: syncdev: bge0 maxupd: 128 defer: off
          groups: carp pfsync
pflog0: flags=141<UP,RUNNING,PROMISC>  mtu 33196
          priority: 0
          groups: pflog
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:00:5e:00:01:01
          priority: 0
          carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0
          groups: carp
          status: master
          inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x6
          inet 10.5.5.1 netmask 0xffffff00 broadcast 10.5.5.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:00:5e:00:01:02
          priority: 0
          carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 0
          groups: carp
          status: master
          inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x7
          inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255


slave firewall

/etc/hostname.carp1
inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 advskew 100 pass pass1

/etc/hostname.carp2
inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 advskew 100 pass pass2

/etc/hostname.em0
inet 192.168.5.3 255.255.255.0

/etc/hostname.em1
inet 10.5.5.3 255.255.255.0 NONE

/etc/hostname.bge0
inet 172.16.0.3 255.255.255.0 NONE

/etc/hostname.pfsync0
up syncdev bge0


ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 33196
          priority: 0
          groups: lo
          inet6 ::1 prefixlen 128
          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
          inet 127.0.0.1 netmask 0xff000000
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:18:8b:6c:4e:85
          priority: 0
          media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
          status: active
          inet 172.16.0.3 netmask 0xffffff00 broadcast 172.16.0.255
          inet6 fe80::218:8bff:fe6c:4e85%bge0 prefixlen 64 scopeid 0x1
em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:04:23:e3:c7:92
          priority: 0
          groups: egress
          media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
          status: active
          inet 192.168.5.3 netmask 0xffffff00 broadcast 192.168.5.255
          inet6 fe80::204:23ff:fee3:c792%em0 prefixlen 64 scopeid 0x2
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:04:23:e3:c7:93
          priority: 0
          media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
          status: active
          inet 10.5.5.3 netmask 0xffffff00 broadcast 10.5.5.255
          inet6 fe80::204:23ff:fee3:c793%em1 prefixlen 64 scopeid 0x3
enc0: flags=41<UP,RUNNING>
          priority: 0
          groups: enc
          status: active
pfsync0: flags=41<UP,RUNNING>  mtu 1500
          priority: 0
          pfsync: syncdev: bge0 maxupd: 128 defer: off
          groups: carp pfsync
pflog0: flags=141<UP,RUNNING,PROMISC>  mtu 33196
          priority: 0
          groups: pflog
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:00:5e:00:01:01
          priority: 0
          carp: BACKUP carpdev em1 vhid 1 advbase 1 advskew 100
          groups: carp
          status: backup
          inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x6
          inet 10.5.5.1 netmask 0xffffff00 broadcast 10.5.5.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
          lladdr 00:00:5e:00:01:02
          priority: 0
          carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 100
          groups: carp
          status: master
          inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x7
          inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
