OpenBSD Security: Functionally paranoid!
[SOLVED] carp with (1x) public IP - NAT not working
Hello everyone,
I have an OpenBSD 5.7 amd64 machine with 3x NICs (internet, LAN and pfsync). The problem is that if I configure the public IP on the CARP interface, NAT doesn't work, but if I configure the IP on the physical interface, it does work. Here is my setup:

em0 - internet (x.x.x.x)
em1 - LAN (y.y.y.y)
em2 - pfsync (we don't care about this for now)
carp0 - public IP
carp1 - private IP

/etc/hostname.em0:
Code:
up description "internet"

/etc/hostname.em1:
Code:
up description "LAN"

/etc/hostname.carp0:
Code:
inet x.x.x.x 255.255.255.x x.x.x.255 vhid 1 carpdev em0 pass passwd advskew 5

/etc/hostname.carp1:
Code:
inet y.y.y.y 255.255.255.y y.y.y.255 vhid 2 carpdev em1 pass passwd2 advskew 5

/etc/pf.conf:
Code:
### Global
ext_if="em0"
int_if="em1"

### Runtime options
set block-policy drop
set skip on lo0
set loginterface egress
set timeout interval 5
set timeout frag 20

### Scrub
match log on {$ext_if} scrub (max-mss 1440) label "scrub"

### NAT & RDR
match out on egress inet from !(egress:network) to any nat-to (egress:0)

###
### Rules
###
block in log on $ext_if proto { tcp, udp, icmp } all label "EXT_IF block in"
pass in log on $int_if all label "INT_IF pass in"
pass out log label "DEF_PASS_OUT"

# antispoof
antispoof log quick for { lo $ext_if $int_if } label "antispoof lo/INT_IF/EXT_IF"

Any thoughts?

Last edited by da1; 25th September 2015 at 07:30 AM.
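An added example, not part of the original post and not the fix the thread eventually settled on (that reply is not on this page). It is a variant of the posted pf.conf that names the CARP interfaces explicitly wherever the original derives something from an interface's addresses. Once the public and LAN addresses sit on carp0 and carp1, em0 and em1 carry no IP at all, so `(egress:0)`, `(egress:network)` and `antispoof for em0` all depend on which interface ends up holding the default route and therefore on the `egress` group, while the translation address on a CARP pair has to be the shared carp address in any case, or return traffic stops after a failover. Interface names and the x.x.x.x / y.y.y.y placeholders are the poster's; the `ext_carp`/`int_carp` macros and the choice of carp0 as the NAT source are assumptions of this example.

```pf
# Added example, not the thread's solution. Same topology as the post:
# em0/em1 are the physical NICs (no address), carp0/carp1 hold the addresses.
ext_if="em0"
int_if="em1"
ext_carp="carp0"    # public IP, vhid 1, carpdev em0 (assumed from the post)
int_carp="carp1"    # LAN IP, vhid 2, carpdev em1 (assumed from the post)

set block-policy drop
set skip on lo0
set loginterface egress
set timeout interval 5
set timeout frag 20

match log on { $ext_if $ext_carp } scrub (max-mss 1440) label "scrub"

# NAT: translate to the shared CARP address, not to "whatever egress resolves
# to". The parentheses keep it dynamic, so it follows carp0 if readdressed.
match out on egress inet from ($int_carp:network) to any nat-to ($ext_carp:0)

# CARP advertisements (224.0.0.18) travel on the physical NICs; keep them
# flowing and out of the pfsync state table.
pass quick on { $ext_if $int_if } proto carp keep state (no-sync)

block in log on $ext_if proto { tcp, udp, icmp } all label "EXT_IF block in"
pass in log on $int_if all label "INT_IF pass in"
pass out log label "DEF_PASS_OUT"

# antispoof builds its rules from the listed interfaces' addresses; with the
# addresses on the carp interfaces, list those as well (em0/em1 add nothing).
antispoof log quick for { lo $ext_if $int_if $ext_carp $int_carp } label "antispoof"
```

Before changing rules, it is worth checking what the original config actually expanded to on the box: `ifconfig egress` lists which interfaces are in the egress group, `route -n get default` shows the interface the default route is bound to, `pfctl -vvs Interfaces` shows the addresses pf has for each interface (and so what `(egress:0)` resolved to), and `pfctl -s rules` prints the antispoof expansion. Because every rule in the post carries `log`, `tcpdump -n -e -ttt -i pflog0` shows, for each LAN packet, the rule it matched and the interface pf saw it on (carp0 versus em0), which is the quickest way to see where the NAT match is being skipped.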