From: Alexandre Biancalana
To: freebsd-net@freebsd.org
Date: Tue, 26 May 2009 15:02:01 -0300
Message-ID: <8e10486b0905261102y4fe7ccebya01221ecf09db36d@mail.gmail.com>
Subject: Multiple ftp servers behind pf with carp multi-ip
List-Id: Networking and TCP/IP with FreeBSD

Hi list,

I have two firewalls with 7.2-STABLE, PF and CARP for failover. The machines have one physical interface dedicated to two internet links (from different providers), using two VLANs on top of this physical interface. Each VLAN has one real IP address and a carp interface with multiple real IP addresses for each VLAN.

I have three FTP servers with invalid IP addresses behind the firewall that need to be accessible from the internet. So I configured ftp-proxy in the following way:

ftp-proxy -a -b -p21 -R

When ftp_external_ip is an IP associated with the carp interface, the FTP connection is unstable: sometimes the connection is opened, sometimes the connection is broken in the middle of a list command or before entering the password.

If I start the ftp-proxy command using as ftp_external_ip the IP associated with the vlan interface, everything works great.

These machines are in production, so I'm building a lab with virtual machines to do some experiments and try to reproduce this.

Has anyone seen something like this before? I can provide any additional information needed to help with troubleshooting.

Best Regards,
Alexandre