As CARP interfaces are virtual interfaces as opposed to physical ones, does
this mean that they are considered to be, maybe, a bridge type of operation?
So, as the man page explains that synproxy doesn't work on a bridge setup,
would that mean the below is normal?
I am curious and would like to understand why a simple rule like:
pass in on $ext_if proto tcp to carp1 port www flags S/SA keep state
works as well as:
pass in on $ext_if proto tcp to $ext_if port www flags S/SA keep state
but not this one:
pass in on $ext_if proto tcp to carp1 port www flags S/SA synproxy state
Everything else being equal, and your web server runs on the same server as
pf and would answer to both IPs, the one assigned to the physical interface
as well as the virtual CARP interface.
That's the only explanation I was able to come up with so far in my
research.
Thanks for your insight.
Daniel
PS: Tested on both 3.8 GENERIC and 3.9-BETA.