Hi
On 11/17/06, Camiel Dobbelaar <[EMAIL PROTECTED]> wrote:
I see one possible flaw in your setup:
On Fri, 17 Nov 2006, Dominique Goncalves wrote:
> fw1:
> pf.conf:
> scrub in all
> nat on fxp0 from !(fxp0) to any -> (fxp0)
> pass quick on vr0 proto pfsync
Your pfsync interface is vr1, not vr0. I tend to use "set skip" for the
pfsync interface.
Yes you are correct it was my mystake
I made these changes:
set skip on vr1
#pass quick on vr1 proto pfsync
pass quick on { fxp0, vr0 } proto carp
pass all keep state
on both firewall, but it still don't keep state when carp1 on the
master is down
> pass quick on { fxp0 , vr1 } proto carp
So here vr1 should be vr0.
> pass all keep state
By the way, a ping from my laptop from LAN don't stop or time out when
carp1 on fw1 is down.
But you pass everything anyway, so I'm not sure it will fix your problem.
I appreciate your help
--
Cam
Regards.
--
There's this old saying: "Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life."
