DaemonForums  

#1
21st January 2011
Abbass
New User
Join Date: Jan 2011
Posts: 1
CARP

Hello all,

We are trying to adopt CARP to build a redundant firewall using OpenBSD.
The actual network has one firewall/gateway. We installed OpenBSD on another machine and now we are looking to implement CARP.

I have a question:
I read somewhere that we can use the current IP address of the firewall serving as the FW/gateway as the CARP virtual address?

Is that true? If so, has anyone tried it?
In what versions is it supported?


Thanks
#2
21st March 2011
tinhead
New User
Join Date: Mar 2011
Location: Vancouver, CA
Posts: 8

We're successfully doing this in our environment. We're running a slightly outdated version of OpenBSD, 4.4, so I think you're good. If you need to look at our config (in PM), feel free to ask.
#3
13th April 2011
mwjpiero
Real Name: DeadSun
New User
Join Date: Nov 2010
Location: Shanghai
Posts: 2

You mean the if of fw interface and carp virtual ip is the same?
#4
13th April 2011
phoenix
Risen from the ashes
Join Date: May 2008
Posts: 699

I believe on OpenBSD when you create the CARP interface, you tell it the physical device to use (carpdev option). Then you remove the IP from the physical device, and you put that IP on the CARP device.

In order to be able to connect to the individual boxes, you would add another interface to the box (or add a vLAN), and give that an IP.

Thus, between the two boxes, you would have 3 IPs:
  • the CARP IP, which is shared between the two boxes, that hosts on the LAN point to
  • the management IP for boxA
  • the management IP for boxB

It would be wonderful if the carpdev option was ported to FreeBSD...
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
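
The three-IP layout described in post #4, sketched as OpenBSD hostname.if(5) files. This is an added example, not a configuration posted by anyone in this thread. The interface names (em0, em1), the documentation-range addresses, vhid 1 and the password are all placeholders.

```conf
# Constructed example. Assumptions: em0 = LAN-facing NIC, em1 = separate
# management NIC. 192.0.2.1 stands in for the address the existing
# firewall already serves as the LAN gateway.

# ---- boxA (existing firewall, intended master) ----

# /etc/hostname.em0
# The gateway IP is removed from the physical NIC; it only has to be up
# so that carp0 can send and receive on it.
up

# /etc/hostname.carp0
# The old gateway IP moves here and is bound to em0 with carpdev.
# Keep this file readable by root only: it holds the CARP password.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE_ME

# /etc/hostname.em1
# Management IP, unique to boxA.
inet 198.51.100.11 255.255.255.0

# ---- boxB (new machine, backup) ----

# /etc/hostname.em0
up

# /etc/hostname.carp0
# Same IP, vhid and pass as boxA; the higher advskew makes boxB
# advertise less often, so boxA wins the master election.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE_ME advskew 100

# /etc/hostname.em1
# Management IP, unique to boxB.
inet 198.51.100.12 255.255.255.0

# ---- both boxes ----

# /etc/sysctl.conf
# Let the box with the lower advskew take the master role back.
net.inet.carp.preempt=1

# /etc/pf.conf
# CARP advertisements must be allowed on the carpdev NIC, otherwise
# both boxes stop hearing each other and both become master.
pass on em0 proto carp
```

Hosts on the LAN keep pointing at 192.0.2.1 as before; `ifconfig carp0` on each box shows whether it is currently MASTER or BACKUP.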