Date: Thu, 11 Dec 2008 10:10:01 +0200
From: Alexander Vyrlanovich <iskander@apple-park.kiev.ua>
To: freebsd-pf@freebsd.org
Subject: Re: Dose pfsync work with route-ro/reply-to rules?
Message-ID: <254A0CF2-6152-4E23-8FFC-48344F4EC66C@apple-park.kiev.ua>
In-Reply-To: <1A5D8974-8BEE-4998-B029-737E32DB3C83@apple-park.kiev.ua>
References: <1A5D8974-8BEE-4998-B029-737E32DB3C83@apple-park.kiev.ua>

On 10 Dec 2008, at 14:12, Alexander Vyrlanovich wrote:

> Hello All
>
> I have two firewalls with CARP + pfsync for failover
> #uname -mrs:
> FreeBSD 7.1-PRERELEASE i386
> sources from Nov 24
>
> Three ISPs are connected, default route points to ISP1
> I use pf "route-to" option to forward some traffic via ISP2 and ISP3
>
> The problem:
> When backup firewall becomes a master, all packets forwarded via
> ISP2 and ISP3
> which have a state in state table, go to the ISP1 (default route) and
> of course
> are blocked by pf on outgoing interface.
> Moreover, those packets bypass nat rules and try to go out as is.

Please ignore my sentence about nat - it was incorrect.

> Looks like pfsync loses routing information. Can somebody confirm
> this?

Alexander Vyrlanovich
System Administrator