search for: pfsync

I just started rolling out 9.2 to all our production machnes, which are currently on 8.4. We have tested it pretty throughly internally and are very happy with it, but as part of the deployment have hit a problem. We have a pair of boxes running as a firewall using carp and pfsync. One of the - the 'passive' one - has been upgraded to 9.2, and all works fine as far as carp si concerned, but what I have found is that pfsync doesnt seem to work - i.e. when it fals over existing connections are not kept live. This works fine when the boxes are both running 8.4 Of cours...

...interface names with ipv6 enabled in pf firewall. >Fix: 1. Start network_ipv6 before pf in /etc/rc.d. mohacsi@mignon2> diff -ruN pf.orig pf --- pf.orig Wed Jun 13 12:43:30 2007 +++ pf Wed Jun 13 12:43:53 2007 @@ -4,7 +4,7 @@ # # PROVIDE: pf -# REQUIRE: root FILESYSTEMS netif pflog pfsync +# REQUIRE: root FILESYSTEMS netif pflog pfsync network_ipv6 # BEFORE: routing # KEYWORD: nojail 2. However to protect services during boot I recommend adding pfboot in /etc/rc.d. See /etc/rc.d/pfboot reference at NetBSD http://cvsweb.netbsd.org/bsdweb.cgi/src/etc/rc.d/pf_boot and /etc...

...ats.o pfctl_optimize.o -lm -lmd gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/pfctl/pfctl.8 > pfctl.8.gz gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/man/pf.4 > pf.4.gz gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/man/pflog.4 > pflog.4.gz gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/man/pfsync.4 > pfsync.4.gz gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/man/pf.conf.5 > pf.conf.5.gz gzip -cn /usr/src/sbin/pfctl/../../contrib/pf/man/pf.os.5 > pf.os.5.gz ===> sbin/pflogd (all) cc -O2 -fno-strict-aliasing -pipe -Wall -Werror -Wmissing-prototypes -Wshadow -Wsystem-headers -Werror...

...;m wondering if there''s a good way to configure a Linux firewall box to failover to a single backup server, while preserving connection state. This question has been asked before, but the latest reference I can find is from 2004, at which time Linux had no equivalent of OpenBSD''s pfsync, though Harald was said to be working on one. Did anything come of those efforts? Or is there now another alternative? Any examples or advice would be appreciated. Thank you. -- ams

Hi Everyone, This is off-topic, so please feel free to disregard it, but I'm sending it to this list in the hope that it will reach a largish number of users. I am currently looking at updating some of our advocacy material (which advertises exciting new features like SMP support), and before I do I'd like to get a better feel for why the rest of you are using FreeBSD. If you had to

...ject. Details on UCARP: http://www.ucarp.org/ Details available on OBSD CARP: http://www.openbsd.org/lyrics.html http://www.openbsd.org/cgi-bin/man.cgi?query=carp http://software.newsforge.com/software/04/04/13/1842214.shtml?tid=132&tid=82&tid=91&tid=92 http://www.countersiege.com/doc/pfsync-carp/ http://kerneltrap.org/node/view/2873 -- Nick F. Silkey 512.475.8284 Sysadmin / BOFH silkey@ece.utexas.edu Dept. of Electrical and Computer Engineering The University of Texas at Austin ENS 526W 1024-bit DSA Key ID via GPG 0x35EB31E2 "Friends dont let frie...

Hi all, I have to make for a client an asterisk system for process up to 250 calls between conference and normal call. At disposition I have 4 xserver 346 with dual xeon 3.0Ghz and the client require a failover system. Anyone have experience for this type of solution? Is better ultramonkey, dundi or SER proxy in front of * server? Thanks Enrico P.S. Now during all this year I have to work

...are free. Many have absolutely no security. There are several in my neighborhood. I have no idea who is running them, but at least one is wide open. -------------------------------------------------------------------------------- - DAN LANGILLE a.. Redundant firewalls with OpenBSD, CARP and pfsync Firewalls are among the most critical network components, since their failure may cause entire groups of machines to remain offline. The damage may range from the public (web, mail, etc.) servers to become unreachable to the outside world up to being unable to surf this web site! ----------------...

...ck to linksys with 172 as return address.... or #2 asterisk trying to get back to me as 192.168 on public internet.. got canreinvite=yes and no. nat=yes qualify=1000 externaladdr=IP of (em1) localnet=172.16.0.0/12 i would need help form someone who did a sismilar setup.. i do run carp and pfsync also on the FW. mirrored to FW2 down ATM... anyhelp appreciated.. banging head on the wall for 2 weeks now..

Hi, I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for hight packet processing? What configurations I need to do to achieve very hight speeds and thousands of packets? -------------- next part -------------- An HTML attachment was scrubbed... URL:

...86 support options SCHED_ULE # I think now it's the default options QUOTA options MAC options AUDIT options KDTRACE_HOOKS options DDB_CTF options SMP device apic device pf device pflog device pfsync device atapicam options VESA 3) And my three core dumps are: ------------------------------------------------------------------------------------ vmcore.2: MAY be the core created when I plugged in the USB disk while the kernel was loading (sorry guys, not sure, hadn't...

...ver FireWire (RFC 2734,3146) device dcons # Dumb console driver device dcons_crom # Configuration ROM for dcons #sound device sound device snd_hda #cd burner device atapicam #3945ABG wireless - additional items device wpi #firewall -pf device pf device pflog device pfsync #firewall options options ALTQ options ALTQ_CBQ # Class Bases Queuing (CBQ) options ALTQ_RED # Random Early Detection (RED) options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ...

Hi, [I have added freebsd-security to recipient list as I consider this issue a security risk] Paul Schenkeveld wrote: > Hello, > > On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote: >> Hi, >> >> Does anyone know if there are any plans to bring >> pf boot-time protection (ie. /etc/rc.d/pf_boot and >> related config files) from NetBSD to FreeBSD

Hello -STABLE@, So I've seen this situation seemingly randomly on a number of both physical 9.1 boxes as well as VMs for I would say 6-9 months at least. I finally have a physical box here that reproduces it consistently that I can reboot easily (ie; not a production/client server). No matter what I do: reboot shutdown -p shutdown -r This specific server will stop at "All buffers