From: Josh Kayse
To: Max Laier
Cc: freebsd-pf@freebsd.org
Date: Mon, 29 Nov 2004 14:30:02 -0500
Subject: Re: [pf4freebsd] Re: pfsync

On Mon, 29 Nov 2004 20:19:49 +0100, Max Laier wrote:
> On Monday 29 November 2004 20:06, Josh Kayse wrote:
> > I don't know if you are still interested in updates, but I have run
> > the pfsync patch on FreeBSD 5.3 and it seems to be working great.
> > Keep up the great work :)
>
> I *am* interested in details. It's also part of the ongoing CARP patchset and
> I'll likely commit them in one go.
>
> Can you please tell me some details about how you tested? Are you peering two
> FreeBSD boxes or Free- and OpenBSD or something completely different?
>
> TIA.
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News

I'm peering between two FreeBSD boxes in a bridged firewall mode.
It's successful enough for me to failover between the two without
losing tcp sessions so far. I still have some more testing to go, but
I'd say it's working well.

Exact details of setup:
2 FreeBSD 5.3 boxes cvsup'd against RELENG_5 and rebuilt as of Sunday
(with the patch of course)
3 Interfaces, em0, em1, xl0
pfsync over xl0
em1 has a public ip address
em0 has no address
using a patched version of freevrrpd to handle failovers (don't like
having all the multicast packets flying around, and didn't want to
rely on smart switches to handle the loop)

works well so far

if you want any other information, let me know, i'll be glad to work with you

Keep up the great work
-josh

--
Joshua Kayse
Computer Engineering