On 2015-Mar-09, at 2:38 AM, Brian Candler <[email protected]> wrote:
> On 09/03/2015 09:33, Bryan D. wrote: >> So, for what I'm doing, an IP Alias VIP seems like it should work where a >> CARP VIP works -- but it doesn't appear that a Proxy ARP VIP should, since I >> think I'm using them by the "firewall itself" (i.e., port forwarding and >> NATing) ... no -- or does that mean something different? >> > As I understand it, "used by the firewall itself" means traffic which > terminates *on* the firewall: for example, the firewall admin web page, and > any services which run on the firewall itself (e.g. DNS cache, packages you > have installed) > > Traffic which is forwarded *through* the firewall, including NAT, is not > addressed to the firewall itself. So it sounds like the IPsec and OpenVPN traffic would be such traffic? And it also sounds like the "regular stuff" should work, also. Is there some additional rule that's needed when I switch the VIP to IP Alias from CARP? _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
