Date:      Fri, 20 Mar 2009 11:07:04 -0700 (PDT)
From:      gahn <ipfreak@yahoo.com>
To:        Nikos Vassiliadis <nvass9573@gmx.com>
Cc:        freebsd general questions <freebsd-questions@freebsd.org>
Subject:   Re: ipfw and carp
Message-ID:  <752369.54009.qm@web52106.mail.re2.yahoo.com>
In-Reply-To: <49C0AEF8.804@gmx.com>



Thanks!

Indeed I did have:

${fwcmd} 140 allow all from $CARP-PEER_physical_interface to any via $local_external_interface

But it alone doesn't seem to be enough; sometimes it works but sometimes it doesn't. With tcpdump, sometimes I can't see the VRRPv2 advertisement.

So now I added:

${fwcmd} 150 allow all from any to 224.0.0.18 via $local_external_interface

Now it seems to be working perfectly.




--- On Wed, 3/18/09, Nikos Vassiliadis <nvass9573@gmx.com> wrote:

> From: Nikos Vassiliadis <nvass9573@gmx.com>
> Subject: Re: ipfw and carp
> To: ipfreak@yahoo.com
> Cc: "freebsd general questions" <freebsd-questions@freebsd.org>
> Date: Wednesday, March 18, 2009, 1:21 AM
> gahn wrote:
> > Did anyone use ipfw with CARP before? Is there anything specific
> > about ipfw configurations working with CARP? I have two servers and
> > they are configured with CARP. They are working fine except I can't turn
> > on ipfw.
> 
> Did you add the rules needed to let CARP traffic in and out of the
> boxes?
> 
> ipfw denies everything by default. So, you have to explicitly
> let CARP traffic through. Something like "allow carp from any
> to any" would do for a quick test.
> 
> Nikos
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
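
Added example, not part of the original messages: a narrower form of the two rules discussed in this thread, limited to the carp protocol and the 224.0.0.18 destination and split by direction. The interface name em0, the peer address 192.0.2.11, the rule numbers and the helper function names are constructed for illustration; by default the script only prints the ipfw commands.

```shell
#!/bin/sh
# Added example: emit narrow ipfw rules for CARP advertisements.
# Set fwcmd="/sbin/ipfw -q add" to install; the default only prints.
fwcmd="${fwcmd:-echo ipfw add}"
CARP_GROUP="224.0.0.18"   # destination used in the thread's rule 150

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_ifname NAME: letters, digits, '_' and '.' only, so the value
# cannot smuggle extra words into the ipfw command line
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
    esac
}

# carp_rules EXT_IF PEER_IP [BASE_RULE_NUMBER]
carp_rules() {
    ext_if=$1 peer=$2 base=${3:-140}
    valid_ifname "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    case "$base" in
        ''|*[!0-9]*) echo "bad rule number: $base" >&2; return 1 ;;
    esac
    # Inbound: only the peer's advertisements to the CARP group.
    # "carp" is the protocol name used in the quoted reply (IP protocol 112).
    $fwcmd "$base" allow carp from "$peer" to "$CARP_GROUP" in via "$ext_if"
    # Outbound: this host's own advertisements ("me" = local addresses).
    $fwcmd "$((base + 10))" allow carp from me to "$CARP_GROUP" out via "$ext_if"
}

# Constructed sample values: interface em0, peer 192.0.2.11
carp_rules em0 192.0.2.11
```

Each CARP host needs both directions: it must receive the peer's advertisements and be allowed to send its own.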


      


