
Pfsync not working



I have the following network topology:
                    ----------- Firewall 1 -------
    Client  ----HUB                |              HUB ---- Server
                    ----------- Firewall 2 -------

Client (SUSE 9 box):
IP-192.168.0.10
Route-192.168.0.254

Server (OpenBSD 3.5):
IP-10.0.0.2
Route-10.0.0.254

Firewall 1 - master (OpenBSD 3.5):
#/etc/hostname.sk0(internal network):
inet 192.168.0.254 255.255.255.0 NONE
#/etc/hostname.fxp0(PFSYNC if):
inet 192.168.254.254 255.255.255.0 NONE
#/etc/hostname.fxp0(Network where server(external)):
inet 10.0.0.254 255.255.255.0 NONE
#/etc/hostname.carp0:
inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass good
#/etc/hostname.carp1:
inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass best
#PF.CONF#
pass log all
pass log quick on { fxp0 } pfsync
pass log on { sk0 fxp1 } proto carp keep state

Firewall 2 - backup (OpenBSD 3.5):
#/etc/hostname.sk0(internal network):
inet 192.168.0.254 255.255.255.0 NONE
#/etc/hostname.xl0(PFSYNC if):
inet 192.168.254.254 255.255.255.0 NONE
#/etc/hostname.ne3(Network where server(external)):
inet 10.0.0.254 255.255.255.0 NONE
#/etc/hostname.carp0:
inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 advskew 100 pass good
#/etc/hostname.carp1:
inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 advskew 100 pass best
#PF.CONF#
pass log all
pass log quick on { xl0 } pfsync
pass log on { sk0 ne3 } proto carp keep state

With this configuration I can't reach the server from the client through the 2
firewalls.
1) I can ping the internal and external IPs (on the firewalls) from the server and from
the client, but I can't ping the server from the client or vice versa.
In the firewall logs I see that the ICMP packets are passed.
2) If I reboot firewall-1, the console of firewall-2 shows this message:
/bsd: duplicate IP address 192.168.254.254  sent from Ethernet address
00:90:27:57:7e:71
3) And when I reboot firewall-1 (or 2), before it shuts down I see this message
in the console:
ifconfig: SIOCGIFFLAGS device not configured
Where am I wrong?
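
A check for the condition the kernel message in item 2 reports, as an added example that is not part of the original post: it lists IPv4 addresses configured on a non-CARP interface of both firewalls, separately from the CARP addresses a failover pair is expected to share. The (interface, line) pairs are constructed from the hostname.* lines quoted above, and the function names are assumptions.

```python
import ipaddress

# Constructed from the hostname.* lines quoted in the post, as (interface, line).
# Firewall 1 lists fxp0 twice in the post; both entries are kept as written.
FIREWALL_1 = [
    ("sk0", "inet 192.168.0.254 255.255.255.0 NONE"),
    ("fxp0", "inet 192.168.254.254 255.255.255.0 NONE"),
    ("fxp0", "inet 10.0.0.254 255.255.255.0 NONE"),
    ("carp0", "inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass good"),
    ("carp1", "inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass best"),
]
FIREWALL_2 = [
    ("sk0", "inet 192.168.0.254 255.255.255.0 NONE"),
    ("xl0", "inet 192.168.254.254 255.255.255.0 NONE"),
    ("ne3", "inet 10.0.0.254 255.255.255.0 NONE"),
    ("carp0", "inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 advskew 100 pass good"),
    ("carp1", "inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 advskew 100 pass best"),
]


def addresses(entries):
    """Split one host's inet addresses into ({addr: [ifs]} physical, same for carp)."""
    physical, virtual = {}, {}
    for ifname, line in entries:
        fields = line.split()
        if len(fields) < 2 or fields[0] != "inet":
            continue  # not an IPv4 address line
        addr = ipaddress.IPv4Address(fields[1])
        bucket = virtual if ifname.startswith("carp") else physical
        bucket.setdefault(addr, []).append(ifname)
    return physical, virtual


def shared_physical(host_a, host_b):
    """Addresses present on a non-CARP interface of both hosts (a conflict)."""
    phys_a, _ = addresses(host_a)
    phys_b, _ = addresses(host_b)
    return [(str(a), phys_a[a], phys_b[a]) for a in sorted(phys_a.keys() & phys_b.keys())]


def shared_virtual(host_a, host_b):
    """CARP addresses present on both hosts (expected for a failover pair)."""
    _, virt_a = addresses(host_a)
    _, virt_b = addresses(host_b)
    return [str(a) for a in sorted(virt_a.keys() & virt_b.keys())]


if __name__ == "__main__":
    for addr, ifs_a, ifs_b in shared_physical(FIREWALL_1, FIREWALL_2):
        print(f"conflict: {addr} on fw1 {ifs_a} and fw2 {ifs_b}")
    print("shared CARP addresses:", shared_virtual(FIREWALL_1, FIREWALL_2))
```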