[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf/carp for redundant production use

Neil wrote:
Hi guys,
I got pf and carp working together. However, I have noticed that TCP oriented application doesn't get recover well when I disconnect a cable. I setup a netcat listener on a machine inside the network. Then I ran netcat from another machine outside the network. I was able to connect and was able to send some characters. However, when I disconnected the primary firewall's external interface, netcat won't work anymore until I execute netcat again that connects to the shared external ip address.
Am I missing any configuration? Looks like it's related to pf state tables not being sent to the backup firewall.

Show your entire pf.conf.
Let's see some troubleshooting commands. Run ifconfig before and after pulling the cable, etc.