On Tue, Jun 12, 2012 at 6:17 PM, bsd <[email protected]> wrote: > > So is there any solution in order to use CARP and still be able to filter in > such scenario ? >
You can hack a script into devd to down and up the bridge with the CARP status, but I would avoid that if at all possible. > I have other internal Net, would NATing from public IP's to internal (RFC > 1918) be ok in order to filter and use redundant FW ? > > Or should I try to have the ISP route our public IP's through a /30 or smthg > similar… > With a /29 on WAN, routing the /27 to you, that's definitely best. Has to be a /29 for CARP (or HSRP or VRRP, ISP should be familiar with that requirement since it's the same for every routing redundancy protocol). _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
