FWSYNC driver installation and configuration
Currently the driver is not part of the base system, so both the kernel ipfw code and the ipfw(8) userland tool have to be patched, compiled and installed using the following procedure:
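#Prepare work directory, checkout project, create the symlinks.
#Abort on the first failure: a patch that does not apply cleanly must not be
#followed by buildkernel, otherwise a partially patched ipfw ends up in the kernel.
set -e
cd ~
mkdir -p work
cd work
#NOTE(review): an anonymous CVS checkout gives no integrity guarantee for code that
#is about to be compiled into the kernel; review the checked-out patches (or compare
#them with a copy obtained through a trusted channel) before continuing.
cvs -d anoncvs@cvs.elwix.org:/cvs checkout fwsync
cd /usr/src
sudo ln -s ~/work/fwsync/patches/sync.c /usr/src/sbin/ipfw
#Patches for /usr/src/sbin/ipfw tool (run from /usr/src; the patch files presumably
#carry paths relative to that tree)
sudo patch < ~/work/fwsync/patches/ipfw_Makefile.patch
sudo patch < ~/work/fwsync/patches/ipfw_main.patch
sudo patch < ~/work/fwsync/patches/ipfw_ipfw2_h.patch
#Patches for the ipfw filter driver
sudo patch < ~/work/fwsync/patches/alias_db_h.patch
sudo patch < ~/work/fwsync/patches/alias_db.patch
sudo patch < ~/work/fwsync/patches/ip_fw2.patch
sudo patch < ~/work/fwsync/patches/ip_fw_private_h.patch
sudo patch < ~/work/fwsync/patches/ip_fw_nat.patch
sudo patch < ~/work/fwsync/patches/ip_fw_h.patch
sudo patch < ~/work/fwsync/patches/ip_fw_dynamic.patch
#Build and install the kernel
sudo make buildkernel
sudo make installkernel
sudo reboot
#The remaining steps are run after the system comes back up.
#Only if you have not rebuilt userland (buildworld): install the patched header so
#that ipfw(8) compiles against the new ip_fw.h
sudo cp /usr/src/sys/netinet/ip_fw.h /usr/include/netinet
#ipfw installation
cd /usr/src/sbin/ipfw
sudo make obj
sudo make depend
sudo make
sudo make install
#Driver installation
cd ~/work/fwsync/driver
make obj
make depend
make
sudo make install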
#Re-check the ipfw rule set on both devices: it must be identical, since the synchronised dynamic states appear to be tied to rule numbers (see 01100 in the sample output below).
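#Driver load (requires root; kldload fails for an unprivileged user)
sudo kldload fwsync.ko
#Load the module at boot: add the line below to /boot/loader.conf using plain ASCII
#double quotes — the typographic ” ” characters produced by a copy-paste are not
#valid there and the module will not be loaded.
sudo vim /boot/loader.conf
#  fwsync_load="YES"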
#Configuration:
#Activate the listen state
sudo ipfw sync config edge 20611
or
sudo ipfw sync config edge port 20611
*Remark 1 – when a keyword has only one possible option, the option word (here `port`) may be omitted, so the two forms above are equivalent.
#Configure the peer device as a collector
sudo ipfw sync config collector 172.17.0.254
or
sudo ipfw sync config collector 172.17.0.253 172.17.0.251,10000
*Remark 2 – a port may be given after the IP, separated by a comma (e.g. `172.17.0.251,10000`); if it is omitted, the default port 20611 is used. At most two collectors can be configured per device, listed space-separated as in the second form above.
#Start the synchronization
sudo ipfw sync start
#Useful commands
#List configuration
sudo ipfw sync show
#Stop the synchronization
sudo ipfw sync stop
#Detach the sync module from the device's network stack and clear its configuration (do this before unloading the driver, e.g. for an upgrade)
sudo ipfw sync flush
#Sample working setup (r1 and r2):
root@r1:~ # ipfw sync show
ipfw sync config edge port 20611
ipfw sync config collector 172.16.71.9,20611
ipfw sync start edge
ipfw sync start collector
root@r2:~ # ipfw sync show
ipfw sync config edge port 20611
ipfw sync config collector 172.16.71.5,20611
ipfw sync start edge
ipfw sync start collector
*Remark 3 – for production environments carry the sync traffic over the dedicated heartbeat VLAN only. The edge listener binds to every address (the netstat output below shows `*.20611`) and none of the commands above configure authentication or encryption, so also add an ipfw rule that allows UDP port 20611 only from the peer's heartbeat address and denies it from everywhere else; otherwise any host that can reach the port could potentially feed the collector bogus state or read the connection tuples it carries.
#Dynamic states after sync on r1
ipfw -dD show
…
01100 244 126718 (263s) STATE tcp 172.16.71.51 58659 <-> 178.22.65.231 443 :default
01100 1522 97910 (293s) STATE tcp 172.16.71.50 53129 <-> 74.125.143.188 5228 :default
…
#Socket
netstat
…
udp4 0 0 *.20611 *.*
…
#Statistics via sysctl
sysctl net.inet.ip.fwsync
net.inet.ip.fwsync.acct.edge_aliases: 3
net.inet.ip.fwsync.acct.collector_aliases: 0
net.inet.ip.fwsync.acct.edge_states: 11
net.inet.ip.fwsync.acct.collector_states: 5
#Statistics via ipfw
sudo ipfw sync list
sync edge states 11 aliases 3
sync collector states 5 aliases 0
sudo ipfw sync list edge
sync edge states 14 aliases 3
sudo ipfw sync list collector
sync collector states 22 aliases 0