
CARP



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello All,

I am, once again, having trouble understanding CARP/pf. It is a shame
this is not covered in Building Firewalls with OpenBSD and PF, by J.A.,
or in Absolute OpenBSD; they both cover PF very well, but not CARP.

Anyway, I have a /etc/pf.conf file which was originally for a single
firewall, which worked for a normal layout with two interfaces. I am now
attempting to do the following:

                 switch
                   |
         +---------+----------+
         |                    |
    +---------------------------+
    | CARP0 10.10.5.1/24        |
    +---------------------------+
         |                    |
fxp0: 10.10.3.31/24      fxp0: 10.10.3.32/24
       obsd0                obsd1
sis0: 83.146.42.163/28   sis0: 83.146.42.164/28
         |                    |
    +---------------------------+
    | CARP1 83.146.42.165/24    |
    +---------------------------+
         |                    |
         +---------+----------+
                   |
                 switch

The two boxes have two interfaces, although most documentation suggests
using a third interface with crossover, which I don't currently have.

My existing firewall script allows access to 83.146.42.164 and
83.146.42.165. Should I be treating incoming packets as packets for
83.146.42.163/4, or 83.146.42.165?

Is it possible to provide two CARP interfaces over the fxp0 like I have,
and if I do, will it work as intended?

Needless to say, what I am trying to do has not worked.
- -- 
/--  _| | Regards. Please note, my PGP key ID has changed.
|-- / | | If you are planning on sending me something encrypted
\__ \_| | please update your keyring. Debian/OpenBSD. 53C9FC6C.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBvE1+jtZArFPJ/GwRAl6NAJ41NpAbp619uTKmpY+TVUpGe526JgCdFqtB
PN25i6+2YGLlIHsHemuLyMM=
=A/v2
-----END PGP SIGNATURE-----