| Setting up CARP | ||
|---|---|---|
 | Setting up a redundant OpenBSD 4.8 firewall |  |
| Setting up CARP | ||
|---|---|---|
| | Setting up a redundant OpenBSD 4.8 firewall | |
We introduce carp-master.sh, to be executed on fw1:
#!/bin/ksh
sysctl net.inet.carp.preempt=1
#Outside
cat <<EOF > /etc/hostname.vr1
dhcp
EOF
#Inside
cat <<EOF > /etc/hostname.vr2
inet 10.0.112.252 255.255.255.0 NONE
EOF
#Outside carp
cat <<EOF > /etc/hostname.carp0
10.0.12.251 vhid 1
EOF
#Inside carp
cat <<EOF > /etc/hostname.carp1
10.0.112.251 vhid 1
EOF
# PfSync Interconnect
cat <<EOF > /etc/hostname.vr3
inet 10.0.227.252 255.255.255.0 NONE
EOF
#PfSync
cat <<EOF > /etc/hostname.pfsync0
syncdev vr3
EOF
chmod 640 /etc/hostname.*
ifconfig pfsync0 down
ifconfig pfsync0 up
sh /etc/netstart
... and carp-slave.sh, to be executed on fw2:
#!/bin/ksh
sysctl net.inet.carp.preempt=1
#Outside
cat <<EOF > /etc/hostname.vr1
dhcp
EOF
#Inside
cat <<EOF > /etc/hostname.vr2
inet 10.0.112.253 255.255.255.0 NONE
EOF
#Outside carp
cat <<EOF > /etc/hostname.carp0
10.0.12.251 vhid 1 advskew 100
EOF
#Inside carp
cat <<EOF > /etc/hostname.carp1
10.0.112.251 vhid 1 advskew 100
EOF
# PfSync Interconnect
cat <<EOF > /etc/hostname.vr3
inet 10.0.227.253 255.255.255.0 NONE
EOF
#PfSync
cat <<EOF > /etc/hostname.pfsync0
syncdev vr3
EOF
chmod 640 /etc/hostname.*
ifconfig pfsync0 down
ifconfig pfsync0 up
sh /etc/netstart