BSD Router Project

User Tools

Site Tools

Trace: pf, pfsync, pflog and carp lab
documentation:examples:pf_and_carp_lab

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
documentation:examples:pf_and_carp_lab [2021/11/25 13:59] – [carp state] olivierdocumentation:examples:pf_and_carp_lab [2021/11/25 14:04] (current) – [pf synchronisation] olivier
Line 87: Line 87:
 sysrc pflog_enable=YES sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1 sysrc pfsync_syncdev=vtnet1
-mount -uw / +sysrc kld_list="carp"
-echo "carp_load="YES">> /boot/loader.conf.local +
-mount -ur /+
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
  
Line 139: Line 137:
 sysrc pflog_enable=YES sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1 sysrc pfsync_syncdev=vtnet1
-mount -uw / +sysrc kld_list="carp"
-echo "carp_load="YES">> /boot/loader.conf.local +
-mount -ur /+
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
  
Line 285: Line 281:
  
 Open a tmux session on R1 and generate 2 flows: Open a tmux session on R1 and generate 2 flows:
-  -  A continous ping: ping 10.0.0.4 +  -  A continous ping: ping 2.2.2.4 
-  -  A echo session: telnet 10.0.0.4 7+  -  A echo session: telnet 2.2.2.4 7
  
 ==== pf synchronisation ==== ==== pf synchronisation ====
Line 293: Line 289:
  
 <code> <code>
-[root@VM3]~# pfctl -ss +[root@VM2]~# pfctl -ss 
-all icmp 10.0.0.4:267 <- 192.168.10.1:267       0:+all carp fe80::5a9c:fcff:fe02:2 -> ff02::12       SINGLE:NO_TRAFFIC 
-all icmp 192.168.10.1:267 -> 10.0.0.4:267       0:0 +all carp 2.2.2.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC 
-all tcp 10.0.0.4:<- 192.168.10.1:31058       ESTABLISHED:ESTABLISHED +all carp 192.168.10.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC 
-all tcp 192.168.10.1:31058 -> 10.0.0.4:      ESTABLISHED:ESTABLISHED +all pfsync 192.168.23.-> 224.0.0.240       SINGLE:NO_TRAFFIC 
-all carp 224.0.0.18 <- 192.168.10.      NO_TRAFFIC:SINGLE +all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0 
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE +all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0 
-all pfsync 224.0.0.240 <192.168.23.      NO_TRAFFIC:SINGLE+all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED 
 +all tcp 192.168.10.1:11636 -> 2.2.2.4:7       ESTABLISHED:ESTABLISHED
 </code> </code>
  
Line 307: Line 304:
 <code> <code>
 [root@VM3]~# pfctl -ss [root@VM3]~# pfctl -ss
-all icmp 10.0.0.4:39946 <- 192.168.10.1:39946       0:0 
-all icmp 192.168.10.1:39946 -> 10.0.0.4:39946       0:0 
-all tcp 10.0.0.4:22 <- 192.168.10.1:46911       ESTABLISHED:ESTABLISHED 
-all tcp 192.168.10.1:46911 -> 10.0.0.4:22       ESTABLISHED:ESTABLISHED 
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE 
 all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE
 +all carp 224.0.0.18 <- 2.2.2.2       NO_TRAFFIC:SINGLE
 +all carp ff02::12 <- fe80::5a9c:fcff:fe02:      NO_TRAFFIC:SINGLE
 +all pfsync 192.168.23.3 -> 224.0.0.240       SINGLE:NO_TRAFFIC
 all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE
 +all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0
 +all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0
 +all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED
 +all tcp 192.168.10.1:11636 -> 2.2.2.4:      ESTABLISHED:ESTABLISHED
 </code> </code>
  
documentation/examples/pf_and_carp_lab.1637845185.txt.gz · Last modified: 2021/11/25 13:59 by olivier
Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki