Hi all,
I have some problems with CARP (I can't get it working).
this is my current configuration:
# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1
# sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2
# cat /etc/hostname.carp1
inet 172.1
> This can happen if the list of addresses, netmasks vhid and password
> of an carp interface is not exactly the same on the two hosts.
>
>-Otto
I'm confused, because if I reboot in this case the Secondary, all carp
interfaces swiched to Master state on primary, without any packet
loss.
I
On Sat, Apr 10, 2010 at 11:10:42AM +0200, tom baecker wrote:
> > net.inet.carp.preempt Allow virtual hosts to preempt each other.
> > Set it to 0 and give it a try.
> >
>
> I try it, and after the primary comes up again - the established
> connections stay active - great!
> But 1 of 3 carp
> net.inet.carp.preempt Allow virtual hosts to preempt each other.
> Set it to 0 and give it a try.
>
I try it, and after the primary comes up again - the established
connections stay active - great!
But 1 of 3 carp interfaces dont fall back to the Master mode at the Primary:
carp:
On Sat, Apr 10, 2010 at 9:44 AM, tom baecker wrote:
> Hello,
>
> I've setup a openbsd-ha firewall, based on the
> http://www.openbsd.org/faq/pf/carp.html.
>
> If the master goes down - the backup system become the Master rule.
> All established connections are in sync and stay active - so thats
>
Hello,
I've setup a openbsd-ha firewall, based on the
http://www.openbsd.org/faq/pf/carp.html.
If the master goes down - the backup system become the Master rule.
All established connections are in sync and stay active - so thats
perfect.
But if the original Master system comes back again and fal
Hello,
I've setup a openbsd-ha firewall, based on the
http://www.openbsd.org/faq/pf/carp.html.
If the master goes down - the backup system become the Master rule. All
established connections are in sync and stay active - so thats perfect.
But if the original Master system comes back again and fal
Stuart Henderson schrieb:
you're probably looking for "reply-to", something along these lines:
pass in quick on gif1 inet to (gif1) reply-to 10.33@gif1
pass in quick on pppoe0 inet to (pppoe0) reply-to 0.0@pppoe0
Yes I was.
Except that the syntax was not exactly clear to me if
On 2010-03-11, Marcus M?lb?sch wrote:
> Hello all,
>
> How do I configure a pf in a way that traffic that comes in one one
> CARP-Interface goes out to the same CARP-Interface?
you're probably looking for "reply-to", something along these lines:
pass in quick on gif1 inet to (gif1) reply-to
Marcus M|lb|sch schrieb:
How do I configure a pf in a way that traffic that comes in one one
CARP-Interface goes out to the same CARP-Interface? The syntax in
-current has changed from the FAQ (which assumes OpenBSD-4.6).
After some help from a friendly soul, and reducinge my pf.conf to
Hello all,
How do I configure a pf in a way that traffic that comes in one one
CARP-Interface goes out to the same CARP-Interface? The syntax in
-current has changed from the FAQ (which assumes OpenBSD-4.6).
http://www.openbsd.org/faq/pf/pools.html#outgoing
On a HP ProLiant with BCM570
OTECTED]>, misc@openbsd.org
> Betreff: Re: problems with carp and vlans
> Datum: Thu, 20 Apr 2006 18:07:40 +0200
>
> On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
> >
> > On Thu, 20 Apr 2006, Lars Weste wrote:
> >
> > > Hi,
> > >
&
On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
>
> On Thu, 20 Apr 2006, Lars Weste wrote:
>
> > Hi,
> >
> > yes, i am running 3.8 -stable, and the backup has a higher advbase than
>
> err, for preemption to work, the advskew should be higher on the backup.
> At least, that is w
terfaces, or whether there is some new feature, that will do the trick.
>
> lars
>
> > --- Urspr|ngliche Nachricht ---
> > Von: Marco Pfatschbacher <[EMAIL PROTECTED]>
> > An: Lars Weste <[EMAIL PROTECTED]>
> > Kopie: misc@openbsd.org
> > Betreff
isc@openbsd.org
> Betreff: Re: problems with carp and vlans
> Datum: Thu, 20 Apr 2006 15:01:30 +0200
>
> Hi,
>
> did you remember to configure the backup machine
> with a higher advskew / advbase?
> Are you running -stable?
>
> I'm not aware of any other problems
Hi,
did you remember to configure the backup machine
with a higher advskew / advbase?
Are you running -stable?
I'm not aware of any other problems in 3.8 that might cause this.
On Wed, Apr 19, 2006 at 08:59:01AM +0200, Lars Weste wrote:
> Hi,
>
> I have some problems with carp
Hi,
>> with scrub in all set at the firewall, will openbsd handle icmp
packets
>> of type unreach code needfrag automatically, because of the
statefulness?
>> as far as i know, icmp packtes like port/host/network unreachable are
>> allowed by the keep state statements, does this also apply for
lan100
> inet 192.168.1.254 255.255.255.0 NONE
>
> hostname.carp204
> vhid 204 carpdev em2
> inet 10.0.0.100 255.255.255.0 NONE
>
>> Can someone clarify if it will work with 3.9 without ifstated?
>
> I'm running my routers from a 3.9 snapshot generated a couple d
ONE
hostname.carp204
vhid 204 carpdev em2
inet 10.0.0.100 255.255.255.0 NONE
> Can someone clarify if it will work with 3.9 without ifstated?
I'm running my routers from a 3.9 snapshot generated a couple days
before 3.9 was tagged in CVS, and I've had no problems with carp on
vlan
>
> Try a 3.9 kernel and 3.9 ifconfig binary and see what happens
> i'm using 3.9-current from the snapshots right now to great effect
>
> Lars Weste [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I have some problems with carp and vlans, at least I
Hi,
I have some problems with carp and vlans, at least I think so.
I found this:
http://archives.neohapsis.com/archives/openbsd/cvs/2005-04/0996.html
so my assumption may be wrong, as I use openbsd 3.8.
I have four physical
interfaces in my two firewalls, one for pfsync, one to the Internet
21 matches
Mail list logo
