
Re: pf/carp for redundant production use



Hi everyone,

Just chatted with someone in #pf and found out that pf at the moment cannot maintain state on TCP connections from an internal machine to an external machine when the network cable on the master firewall's external interface is removed.

Anyways, most connections are coming from outside to inside and that is working well. :)


Neil writes:


Hi Joel,

I just created a new email post. :)

Thanks,

neil

j knight writes:

Neil wrote:
Yup, that did the fix for the inbound. Now, I tried connecting to an ssh server from the internal machine to the external machine running openssh and I disconnected the cable; however, the ssh session was not able to recover. What should I change in my pf.conf configuration?
Thanks for the first one. It's awesome! :D
j knight writes:


Hard to say. What does your troubleshooting tell you? What does pflog tell you? What does the state table look like on the new master?



.joel