Date:      Wed, 27 May 2009 18:42:09 -0300
From:      Alexandre Biancalana <biancalana@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Multiple ftp servers behind pf with carp multi-ip
Message-ID:  <8e10486b0905271442j224b37f5nceccaba929a08f8a@mail.gmail.com>

Hi list,

I have two firewalls with 7.2-STABLE, PF and Carp for failover.

The machines have one physical interface dedicated to two internet
links (from different providers) and using two vlans on top of this
physical interface. Each vlan has one real ip address and a carp
interface with multiple real ip addresses for each vlan. I have three
ftp servers with invalid ip addresses behind the firewall that need to
be accessible from the internet.

Then I configured ftp-proxy in the following way:

ftp-proxy -a <internal_fw_ip> -b <ftp_external_ip> -p21 -R <ftp_internal_ip>

When ftp_external_ip is an ip associated with the carp interface, the
ftp connection is unstable: sometimes the connection is opened,
sometimes the connection is broken in the middle of a list command or
before entering the password. If I start the ftp-proxy command using as
ftp_external_ip the ip associated with the vlan interface, everything
works great.

These machines are in production, so I'm building a lab with virtual
machines to do some experiments and try to reproduce this.

Has anyone seen something like this before?

I can provide any additional information needed to help with troubleshooting.

Best Regards,

Alexandre


