pfBlockerNG HA CARP issues
-
Is there any documentation on running pfBlockerNG on an HA CARP pair? Specifically setting "DNSBL VIP Type" to "CARP"? I have gone through this several times and even after manually setting the skew to 0 on the primary and 100 on the secondary the primary shows the pfb_dnsbl status as stopped and I can't get it to start, but on the pfBlockerNG dashboard widget I have a green check next to DNSBL and if I hover over it it shows "DNSBL (Unbound mode) is Active on VIP 10.10.10.1 ports: 8081 & 8443". On the secondary it's showing as running in both the status-->services and on the pfBlockerNG dashboard widget. If I change the DNSBL VIP Type to IP Alias (disabling CARP) the pfb_dnsbl status shows running on both. Do I just use IP Alias instead of CARP? Will that work and continue to work if there is a fail-over? I also posted this in the HA/CARP/VIPs forum in case an HA/CARP guru has some insight.
-
@fluvannait
Can you read this:
I guess, there is a good reason for writing this in upper case letters.
-
@viragomann
Did I say anything about editing that? No, I switched the DNSBL VIP Type to CARP in order to run it in an HA CARP pair. If you're not supposed to use CARP as the DNSBL VIP Type, why would it be an option? Furthermore, when you switch the DNSBL VIP Type to CARP it keeps the IP Alias as 10.10.10.1/32 and just makes it a CARP VIP.
-
@fluvannait
You changed the type to CARP without editing it?
A CARP VIP for DNSBL is an imbecility. This IP is only needed at the master. So it can be a simple IP alias. If you want to have it on both, you can hook it up on a CARP.