Showing posts from February, 2008

Firewall Failover with CARP, PF and PFSYNC in OpenBSD 4.2 under VMWare ESX3

CARP Setup
----------

Reference: http://www.openbsd.org/faq/pf/carp.html

CARP Master
-----------

# cat /etc/hostname.pcn1
# ifconfig carp0 create
# ifconfig pcn1 up
# ifconfig carp0 vhid 2 pass mysecretpassword carpdev pcn1 advbase 1 advskew 1 state master PUB.LIC.IPA.DDR netmask 255.255.255.0 broadcast PUB.LIC.IPA.DDR
# echo "inet PUB.LIC.IPA.DDR 255.255.255.0 PUB.LIC.IPA.DDR vhid 2 pass mysecretpassword carpdev pcn1 advbase 1 advskew 1 state master" > /etc/hostname.carp0

Note: Enable Promiscuous Mode for the Virtual Switch associated with pcn1.

# ifconfig carp1 create
# ifconfig carp1 vhid 1 pass mysecretpassword carpdev pcn0 advbase 1 advskew 1 state master 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255

Note: Enable Promiscuous Mode for the Virtual Switch associated with pcn0.

# vi /etc/pf.conf
pass out on $lan_if proto carp keep state
# pfctl -f /etc/pf.conf
# sysctl -w net.inet.carp.allow=1
# vi /etc/sysctl.conf
net.inet.carp.allow=1
# echo "in