This is correct. If all public IPs are in the same subnet you should prefer 
NATting if you want to have a failover setup. Bridging won't work with a 
failover cluster (besides that, it's missing some other features like 
traffic shaping too). Theoretically 2 bridged pfSenses in parallel config should 
be no problem due to the spanning tree protocol support but I have not tested 
this yet. One of the systems should start blocking (you should be able to see 
this at status/interfaces).

Holger

-----Original Message-----
From: Eugen Leitl [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 15, 2007 08:55
To: [email protected]
Subject: Re: [pfSense-discussion] multiple WAN address on one nic

On Wed, Mar 14, 2007 at 11:53:00PM +0100, Holger Bauer wrote:
> It is possible with pfSense but depends on the public IPs/subnets. If they 
> are all in the same subnet you either have to use a bridging setup or you 
> have to use virtual IPs at the pfSense and then NAT them to your internal 
> hosts (which then have a private IP).

With a carp+pfsync cluster the latter is the only option, correct?

It troubles me at the gut level. Both because I need to switch the addresses of 
the hosts (which is impossible to recover from remotely) and because one has 
learned to associate NAT with a kludge.
But in this case there is one virtual IP (of the public subnet) mapped 1:1 to 
the private internal IP (from 10.0.0.0/24 or 192.168.1.0/24 or somesuch). Does 
this have any unanticipated side effects?

With a filtering bridge I can switch over to a second system manually, and 
restore from the backup configuration. This is even less acceptable.

Is the above more or less correct?
 
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org 
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
