On Wed, Mar 14, 2007 at 11:53:00PM +0100, Holger Bauer wrote:

> It is possible with pfSense but depends on the public IPs/subnets. If they
> are all in the same subnet you either have to use a bridging setup or you
> have to use virtual IPs at the pfSense and then nat them to your internal
> hosts (which then have a private IP).

With a carp+pfsync cluster the latter is the only option, correct? It troubles me at the gut level. Both because I need to switch the addresses of the hosts (which is impossible to recover from remotely) and because one has learned to associate NAT with a kludge.

But in this case there is one virtual IP (of the public subnet) mapped 1:1 to the private internal IP (from 10.0.0.0/24 or 192.168.1.0/24 or somesuch). Does this have any unanticipated side effects?

With a filtering bridge I can switch over to a second system manually, and restore from the backup configuration. This is even less acceptable.

Is the above more or less correct?

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
