--- Quoting ed on 2005/12/28 at 18:40 +0000:
> Hello,
>
> I have the following pf.conf on two identical firewalls, which combine
> two external ISP connections to a single RFC1819 network, providing
> complete failover if the ISP drops off the edge of the world.
>
> However, I notice that when I force the firewall to fail over, the
> states do not appear to function any longer; new states can be
> established just fine though. I am wondering if this is related to the
> tagging, or that the firewall has no default gateway, but neither seems
> to be a definite cause.
When you compare "pfctl -ss" on either firewall, do you see state
information being replicated? The addresses that you're NATing to, are
those the carp IPs or the IPs on the physical interfaces?

.joel
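The two checks joel asks for, as an added script that is not part of the thread: it keys two saved "pfctl -ss" tables on their address tuples and reports states the backup never received, and it flags NAT'd states whose translated address is not the CARP address (after a failover the return traffic for those is addressed to the peer that just went away, so the state is useless on the new master). The sample tables are constructed, in the assumed older three-address layout "src -> translated -> dst"; the function names and the addresses are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Save "pfctl -ss" output from
# each pfsync peer to a file and pass the two files to the functions below.

# Keys a state table on everything except the trailing TCP/UDP state
# column, which may legitimately lag between the peers for a moment.
state_keys() {
    awk '{ $NF = ""; sub(/[ \t]+$/, ""); print }' "$1" | sort -u
}

# Prints state keys present in the first table but absent from the second
# (i.e. states the master holds that pfsync never delivered to the backup).
missing_states() {
    _a=$(mktemp) && _b=$(mktemp) || return 1
    state_keys "$1" > "$_a"
    state_keys "$2" > "$_b"
    comm -23 "$_a" "$_b"
    rm -f "$_a" "$_b"
}

# Prints NAT'd states (three-address form) whose translated address is not
# the given CARP address; those will not survive a failover.
nat_not_on_carp() {
    awk -v carp="$2" \
        'NF == 8 && $4 == "->" && $6 == "->" && index($5, carp ":") != 1' "$1"
}

# Constructed sample tables (assumed layout), standing in for the real
# "pfctl -ss" output of the two firewalls. 203.0.113.5 plays the CARP
# address; 203.0.113.2 plays the physical address of the master.
master=$(mktemp)
backup=$(mktemp)
cat > "$master" <<'EOF'
all tcp 192.168.1.10:49152 -> 203.0.113.5:60001 -> 198.51.100.20:80       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.11:49153 -> 203.0.113.2:60002 -> 198.51.100.21:443      ESTABLISHED:ESTABLISHED
all udp 192.168.1.12:53001 -> 203.0.113.5:60003 -> 198.51.100.53:53       MULTIPLE:MULTIPLE
EOF
cat > "$backup" <<'EOF'
all tcp 192.168.1.10:49152 -> 203.0.113.5:60001 -> 198.51.100.20:80       ESTABLISHED:ESTABLISHED
all udp 192.168.1.12:53001 -> 203.0.113.5:60003 -> 198.51.100.53:53       MULTIPLE:MULTIPLE
EOF

echo "== states on master but not on backup =="
missing_states "$master" "$backup"
echo "== NAT states not translated to the CARP address 203.0.113.5 =="
nat_not_on_carp "$master" 203.0.113.5
```

On real firewalls the first list should be empty once pfsync has settled; anything that stays there points at the sync interface or pfsync configuration rather than at the rules. The second list is the "carp IP or physical IP" question answered from the state table itself: every line it prints is a connection that can only ever be answered through the peer that created it.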