On 29 Oct 2008, Mark Nipper wrote:
>       Now, my ISP has allocated a new, public subnet for me.
> I'm wanting to add to my existing subnet on the external side.
> I've seen only a handful of references to doing this on the
> mailing list, and none are very detailed.  Here is my current
> setup in /etc/hostname.carp0 (names and passwords changed to
> protect the innocent):
> ---
> inet 1.1.1.194 255.255.255.224 1.1.1.223 vhid 1 carpdev bnx0 pass nopasswd
> inet alias 1.1.1.195 255.255.255.255
> inet alias 1.1.1.198 255.255.255.255
> inet alias 1.1.1.199 255.255.255.255
> inet alias 1.1.1.204 255.255.255.255

        So I'll answer my own question.  I finally set this up in
production.  I left the original hostname.carp0 as the above
example.  I added my new subnet on the external interface as
carp2 (so I've got the following in hostname.carp2):
---
inet 2.2.2.66 255.255.255.192 2.2.2.127 vhid 3 carpdev bnx0 pass nopasswd
inet alias 2.2.2.67 255.255.255.255
inet alias 2.2.2.68 255.255.255.255
inet alias 2.2.2.69 255.255.255.255

        And that was it!  I didn't have to mess with a manual
route or add any route-to or reply-to statements in my firewall
configuration and I'm able to redirect port requests from these
external IP addresses on my firewalls to hosts on my private,
internal subnet.

        I'm not sure if running multiple CARP interfaces on the
same physical interface is necessarily the recommended way of
accomplishing this, but it seems to work well enough so far.  I
also haven't tried doing any NAT for these addresses, just
redirects so far.  So maybe I will eventually need some extra
logic in pf.conf.  But so far, so good.

-- 
Mark Nipper                                                e-contacts:
12345 Lamplight Vlg 818                             [EMAIL PROTECTED]
Austin, Texas 78758-2564                    http://nipsy.bitgnome.net/
(979)575-3193                      AIM/Yahoo: texasnipsy ICQ: 66971617

---begin random quote of the moment---
"The religious persecution of the ages has been done under what
was claimed to be the command of God.  I distrust those people
who know so well what God wants them to do to their fellows,
because it always coincides with their own desires."

 -- Susan B. Anthony (76 years of age at the time) addressing the
    National-American Woman Suffrage Association, 1896
----end random quote of the moment----
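
A consistency check for the two hostname.carpN files in the message above, as an added example that is not part of the original post. It assumes the field order shown in the post (address, netmask, broadcast, then key/value options) and that a vhid should not be reused by two CARP interfaces on the same carpdev; check_carp, POSTED and BROKEN are names made up for this example.

```python
import ipaddress

# The two files from the post (the poster's anonymised addresses).
POSTED = {
    "hostname.carp0": """\
inet 1.1.1.194 255.255.255.224 1.1.1.223 vhid 1 carpdev bnx0 pass nopasswd
inet alias 1.1.1.195 255.255.255.255
inet alias 1.1.1.198 255.255.255.255
inet alias 1.1.1.199 255.255.255.255
inet alias 1.1.1.204 255.255.255.255
""",
    "hostname.carp2": """\
inet 2.2.2.66 255.255.255.192 2.2.2.127 vhid 3 carpdev bnx0 pass nopasswd
inet alias 2.2.2.67 255.255.255.255
inet alias 2.2.2.68 255.255.255.255
inet alias 2.2.2.69 255.255.255.255
""",
}

def check_carp(files):
    """Return a list of problem strings for a {filename: text} mapping."""
    problems, seen_vhid = [], {}
    for name, text in files.items():
        net = None  # subnet of this interface's primary address
        for line in text.splitlines():
            f = line.split()
            if len(f) < 4 or f[0] != "inet":
                continue
            if f[1] == "alias":
                addr = ipaddress.ip_address(f[2])
                if net is None or addr not in net:
                    problems.append(f"{name}: alias {addr} outside {net}")
                continue
            # Primary line: inet ADDR MASK BCAST key value ...
            net = ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False)
            if ipaddress.ip_address(f[3]) != net.broadcast_address:
                problems.append(f"{name}: broadcast {f[3]} != {net.broadcast_address}")
            opts = dict(zip(f[4::2], f[5::2]))
            key = (opts.get("carpdev"), opts.get("vhid"))
            if key in seen_vhid:
                problems.append(f"{name}: vhid {key[1]} on {key[0]} already used by {seen_vhid[key]}")
            seen_vhid.setdefault(key, name)
    return problems

# Constructed bad variant: carp2 reuses vhid 1 and has an alias outside 2.2.2.64/26.
BROKEN = dict(POSTED)
BROKEN["hostname.carp2"] = (
    POSTED["hostname.carp2"].replace("vhid 3", "vhid 1").replace("2.2.2.69", "2.2.2.130"))

if __name__ == "__main__":
    print(check_carp(POSTED) or "posted config: consistent")
    print("\n".join(check_carp(BROKEN)))
```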
