I have read everything I can find, including
http://doc.m0n0.ch/handbook/faq-ipalias.html
I have multiple C class subnets (2 are continuous - so it's a /23 ... nice, a separate /24, and a separate /29).
The /29 is used for routing the other address (I think).
I want to use DMZ servers with private IPs - so I think that cuts out routing (as suggested in the m0n0wall doco above).
Eventually I'll get down and dirty with VLANs, and have different public IPs being sent to different private subnets, over different VLANs.
What I'd really like:
- use CARP to failover everything I do. Currently works great on the /29
- I am guessing I need to list the IPs somewhere - like in 'virtual IPs', otherwise other tools won't play nice.
- I am also trying to avoid cascading pfSense boxes, like routing from one to another, and the second doing the NAT - as it is the opposite of high availability.
Just saw a bloke playing with proxyarp. I can't proxy arp - as I don't think that will fail over at all.
1:1 NAT is no good to me, as I'll want different subnets for different addresses later.
This looks most promising (from the m0n0wall link above):
NAT
* inbound/server NAT
Use this if you want to redirect connections for different ports of a given public IP address to different hosts (define one or more of your secondary IP addresses for server NAT, then use them with inbound NAT as usual).
But it's not real explicit. 'server nat' - is that via 'load balancer' for pfSense? Or is that just normal old 'nat port forward' - but how do I select the addresses?
Perhaps separate clusters of pfSense for each subnet (3 clusters in my case).
Ideas?
SCOTT FARRELL
IBM CERTIFIED Consultant
m: 0412 927 156
p: 02 9411 3622
f: 02 8214 6426
a: IBM Building, The Atrium 601 Pacific Highway, St Leonards NSW 2065
w: www.icconsulting.com.au
