On Dec 12, 2004, at 8:54 AM, ed wrote:

> Anyway, I have a /etc/pf.conf file which was originally for a single
> firewall, which worked for a normal layout with two interfaces. I am
> attempting to do the following:
>
> The two boxes have two interfaces, although most documentation suggests
> using a third interface with cross over, which I don't currently have.

It's not a requirement; I've sent pfsync traffic across the int_if,
but it's not ideal.

> My existing firewall script allows access to 184.108.40.206 and
> 220.127.116.11, should I be treating incoming packets as packets for
> 18.104.22.168/4, or 22.214.171.124?

You can filter on all of them. The "real" address on each interface
still allows dedicated access to each firewall. However, when
filtering traffic across CARP virtual interfaces, remember that you
filter on the PHYSICAL interface (fxp0), not on the virtual interface

> Is it possible to provide two CARP interfaces over the fxp0 like I
> and if I do, will it work as intended?

Yes, I've done many CARP interfaces using aliases on a single physical

> Needless to say, what I am trying to do has not worked.

Without providing your configuration (hostname.*, pf.conf), it's
impossible to help you. It would also help to know what
troubleshooting you've already tried and what errors/failures you're
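
Added example, not part of the original message and not the poster's configuration: a pf.conf fragment showing the point made in the reply, that rules for CARP virtual addresses are written against the physical interface (fxp0), while the real address stays reachable for dedicated access. The internal interface name (fxp1), all addresses (documentation ranges), macro names and ports are assumptions.

```pf
# Constructed example; every address below is a placeholder.
ext_if    = "fxp0"              # physical interface carrying the CARP groups
int_if    = "fxp1"              # assumed internal interface (also carries pfsync here)
carp_a    = "192.0.2.10"        # first CARP virtual address (placeholder)
carp_b    = "192.0.2.11"        # second CARP virtual address (placeholder)
fw_real   = "192.0.2.2"         # this firewall's own address on fxp0 (placeholder)
admin_net = "198.51.100.0/24"   # management hosts (placeholder)

# Default deny on the outside, with logging for troubleshooting.
block in log on $ext_if all

# CARP advertisements between the two firewalls. If these are blocked,
# neither peer hears the other and both claim MASTER.
pass quick on $ext_if proto carp keep state

# pfsync state updates sent over int_if because no crossover link exists.
# pfsync is unauthenticated, so keep it off any segment untrusted hosts can reach.
pass quick on $int_if proto pfsync keep state

# Services on the virtual addresses: the rule names the physical
# interface (fxp0); a rule written "on carp0" would not match this traffic.
pass in on $ext_if proto tcp from any to $carp_a port { 80 443 } keep state
pass in on $ext_if proto tcp from any to $carp_b port 25 keep state

# Dedicated access to this box through its real address.
pass in on $ext_if proto tcp from $admin_net to $fw_real port 22 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.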