Actually, I feel kind of stupid for asking the question. Of course you can never ssh into the virtual carp interface, which is what I was trying to do. SSHing into the physical interface still works no problem. Then again, it would be Yay..CARP is working 100%.
The only thing you can do to the CARP interface (which is the public IP in this case) is ping it, right? Granted all the redirection to my web server still works, and the carp interface is actually the domain IP, will I just be able to type the domain in a web browser and watch http come up? By this, I mean:

INTERNET --> CARP0 ---> Routers 1 and 2 ---> CARP1 ----> SWITCH ---> CARP3 ---> Web Servers 1 and 2.

I'm going to be CARPing my web servers as well. So how would this work? Public IP request would go to one of the two routers which would redirect to one of the two web servers? Basically, how would http or named interact with the virtual interface?

Thanks,
Vivek

On Sat, Oct 18, 2008 at 9:42 PM, patric conant <[EMAIL PROTECTED]> wrote:
> paste files, attachments were stripped
>
> On Sat, Oct 18, 2008 at 11:26 PM, Vivek Ayer <[EMAIL PROTECTED]> wrote:
>>
>> Hey guys,
>>
>> So after I setup CARP on my routers/firewalls, I've been having some
>> problems. CARP for the most part works. There was a minor glitch that
>> both CARP systems saw themselves as Master, but that was solved.
>>
>> The main problem now is I can't ssh from the Internet into them.
>> Before CARP, I was able to. But now, CARP/pf is confusing ssh clients
>> and all I get is connection refused. The pass rule from before CARPing
>> should still work, right?
>>
>> I've attached pf.conf and pf.conf.BAK.
>>
>> pf.conf.BAK is my pf setup before CARP.
>>
>> I just wanted to access the system(s) from the outside so I could
>> setup my internal web servers which will also be CARP'd. Rules for web
>> server redirection are also in the conf files.
>>
>> Help appreciated and Thanks yet again,
>> Vivek
>>
>> [demime 1.01d removed an attachment of type application/octet-stream which
>> had a name of pf.conf]
>>
>> [demime 1.01d removed an attachment of type application/x-trash which had
>> a name of pf.conf.BAK]
>>
>
>
>
> --
> Some software money can't buy. For everything else there's Micros~1.