NetBSD-Bugs archive


bin/51372: add & document carp and pfsync protocol numbers

>Number:         51372
>Category:       bin
>Synopsis:       add & document carp and pfsync protocol numbers
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 28 09:50:00 +0000 2016
>Originator:     Hauke Fath
>Release:        NetBSD 7.0_STABLE
Technische Universitaet Darmstadt
System: NetBSD Gstoder 7.0_STABLE NetBSD 7.0_STABLE (MONOLITHIC) #1: Fri Apr 1 14:41:59 CEST 2016 hf@Hochstuhl:/var/obj/netbsd-builds/7/i386/sys/arch/i386/compile/MONOLITHIC i386
Architecture: i386
Machine: i386

	The NetBSD man page for pfsync(4) says this about pf(4) filter
	rules necessary to admit the CARP and pfsync packets:

pf(4) must also be configured to allow pfsync and carp(4) traffic
through.  The following should be added to the top of /etc/pf.conf:

           pass quick on { sis2 } proto pfsync
           pass on { sis0 sis1 } proto carp

	This is obviously a copycat from the OpenBSD man page, since
	the NetBSD /etc/protocols has "vrrp" for what OpenBSD calls
	"carp" (protocol 112), and no entry at all for what OpenBSD
	calls "pfsync" (protocol 240).


	Set up the recommended pf rules per pfsync(4), watch pf error


	In /etc/protocols, add carp as an alias for vrrp (or rather
	the other way round, since we do not have anything in the tree
	that actually does vrrp). 

	Also, add an entry for pfsync, since we ship the thing.
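
The mismatch described in this PR can be checked mechanically. The script below is an added example, not part of the PR or of NetBSD: it lists the `proto` names in a pf.conf that have no matching name or alias in a protocols(5) file. The function name `unresolved_protos` and the sample files (a "shipped" file with only `vrrp` for 112, and a "proposed" file with the entries the PR asks for) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR: report "proto" names used in a pf.conf
# that do not resolve through a protocols(5) file (names or aliases).
# Protocols written as numbers are skipped, since they need no lookup.
unresolved_protos() {    # $1 = protocols file, $2 = pf.conf
    awk '
        function check(p) {
            if (p ~ /^[0-9]+$/ || (p in known) || (p in seen)) return
            seen[p] = 1
            print p
        }
        { sub(/#.*/, "") }                  # drop comments in both files
        NR == FNR {                         # first file: name number aliases...
            if (NF >= 2) for (i = 1; i <= NF; i++) if (i != 2) known[$i] = 1
            next
        }
        {                                   # second file: pf rules
            gsub(/[{},]/, " & ")            # braces and commas become tokens
            for (i = 1; i < NF; i++) {
                if ($i != "proto") continue
                j = i + 1
                if ($j != "{") { check($j); continue }
                for (j++; j <= NF && $j != "}"; j++) if ($j != ",") check($j)
            }
        }
    ' "$1" "$2"
}

demo() {    # constructed sample files, modelled on the PR text
    d=$(mktemp -d) || return 1
    printf '%s\n' 'tcp 6 TCP' 'udp 17 UDP' 'vrrp 112 VRRP' > "$d/shipped"
    printf '%s\n' 'tcp 6 TCP' 'udp 17 UDP' 'carp 112 vrrp' 'pfsync 240' > "$d/proposed"
    printf '%s\n' \
        'pass quick on { sis2 } proto pfsync' \
        'pass on { sis0 sis1 } proto carp' \
        'pass in on sis0 proto { tcp, udp } from any to any port 53' > "$d/pf.conf"
    for f in shipped proposed; do
        echo "$f: $(unresolved_protos "$d/$f" "$d/pf.conf" | tr '\n' ' ')"
    done
    rm -rf "$d"
}
demo
```

On a real system the call would be `unresolved_protos /etc/protocols /etc/pf.conf`; any name it prints is one the rule set relies on but the protocols file does not define.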


