[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pf rule on carp interface?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: pf rule on carp interface?
From: Diana Eichert <deichert_(_at_)_wrench_(_dot_)_com>
Date: Thu, 17 Jun 2004 10:37:48 -0600 (MDT)

3.5 Release

I've setup CARP on 2 systems for failover RADIUS servers.  I wanted to
filter on the carp0 interface to allow RADIUS and ICMP packets destined
for the carp0 address.

However this rule

pass in on carp0 inet proto icmp from any to carp0

fails to allow ICMP packets through when pinging the carp0 IP address

Running tcpdump I see the ping coming in on the fxp0 interface.  I hadn't
allowed ICMP to the fxp0 address.  When I enabled this rule

pass in on fxp0 inet proto icmp from any to carp0

ICMP packets started passing through.

So my questions is, can't you filter on a carp interface only?  Or do I
have to filter on the underlying physical interface?

g.day

Follow-Ups:
- Re: pf rule on carp interface?
  - From: Matt Rowley

Prev by Date: Re: Problem with routing on dedicated server
Next by Date: Re: soekris boot is so close
Previous by thread: Re: Bgpd / Cisco issue
Next by thread: Re: pf rule on carp interface?
Index(es):
- Date
- Thread

Visit your host, monkey.org