On Mon, 03 Oct 2005 23:19:30 -0500
"Neil" <[EMAIL PROTECTED]> wrote:

> Hey guys,
>
> What will I change in pf.conf if I'm not going to use NAT anymore? It's because the current setup of the servers, including the firewall, uses publicly routable addresses and there is no NAT. I still wanted to have failover that maintains existing states/connections even if one firewall goes down or cables get disconnected.

Humm, as far as I know a router does not have a state table as such, it merely routes, as opposed to NAT. With NAT the FW indexes the source port+address with a destination port+address, which yields a state. When the FW sees another packet which matches either socket (port/address) it will forward accordingly.

To use your pf.conf for a routed network you would need to remove the nat/rdr lines, and alter the .conf so that you have network and IP address entries that are routeable, and to the best of my knowledge it should work as expected, but I do not think there is a state table when you don't use NAT, but it should not hurt to leave that setup in its running configuration.

--
Regards, Ed
http://www.usenix.org.uk
So are you saying that failover will still work on a route setup?
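An added example, not part of the thread: a pf.conf for a routed firewall pair with the nat/rdr lines removed, in which every pass rule still creates a state entry through `keep state`. It assumes CARP and pfsync provide the failover (the thread names neither), that both are configured on the interfaces outside pf.conf, and that IP forwarding is enabled; all interface names and addresses are placeholders.

```conf
# Constructed example: interface names and addresses are placeholders
# (documentation ranges), not values from the thread.
ext_if  = "em0"              # upstream side, carries a shared CARP address
int_if  = "em1"              # side facing the publicly addressed servers
sync_if = "em2"              # dedicated link between the two firewalls
servers = "198.51.100.0/24"  # routed public subnet behind the firewalls
web     = "198.51.100.10"    # one public host offering HTTP/HTTPS

set skip on lo

# No nat, rdr or binat rules: packets are forwarded with their
# addresses unchanged. Filtering below is still stateful.

block log all

# Failover plumbing. pfsync replicates state entries to the peer,
# CARP decides which firewall answers on the shared addresses.
# (no-sync) keeps these housekeeping states out of the replication.
pass quick on $sync_if proto pfsync keep state (no-sync)
pass quick on { $ext_if $int_if } proto carp keep state (no-sync)

# Inbound service to a routed public host. A forwarded packet is
# filtered on the way in and on the way out, so both sides need a rule.
pass in  on $ext_if proto tcp from any to $web port { 80 443 } flags S/SA keep state
pass out on $int_if proto tcp from any to $web port { 80 443 } flags S/SA keep state

# Connections the servers open towards the outside.
pass in  on $int_if from $servers to any keep state
pass out on $ext_if from $servers to any keep state
```

After loading the ruleset on both machines, `pfctl -s state` on the backup should list the same connections as on the master, which is what lets existing sessions survive a failover.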
ed writes:
- no NAT, all public ip address Neil