On Wed, Nov 12, 2008 at 11:40:36AM -0800, Vivek Ayer wrote:
> I don't think I understand. Clarify. You mean carpdev is like your
> physical interface..eth0, re0, etc.?

Say you have a carp configured like:

carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:04
        carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 0
        groups: carp
        inet 1.2.3.4 netmask 0xff000000 broadcast 1.255.255.255

As you can see, carp0 is using em0 as its carpdev. A pf rule to pass ssh
to the carp address would be:

        pass in on em0 inet proto tcp to (carp0) port 22

and NOT:

        pass in on carp0 inet proto tcp to (carp0) port 22

HTH,
Marco