[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf/carp for redundant production use
I got pf and carp working together. However, I have noticed that TCP
oriented application doesn't get recover well when I disconnect a cable.
I setup a netcat listener on a machine inside the network. Then I ran
netcat from another machine outside the network. I was able to connect
and was able to send some characters. However, when I disconnected the
primary firewall's external interface, netcat won't work anymore until I
execute netcat again that connects to the shared external ip address.
Am I missing any configuration? Looks like it's related to pf state
tables not being sent to the backup firewall.
Show your entire pf.conf.
Let's see some troubleshooting commands. Run ifconfig before and after
pulling the cable, etc.