On Apr 9, 2014, at 08:39, Janne Johansson <[email protected]> wrote:

> If you want the slave machine (the one currently not winning the carp
> elections) to be able to send traffic (logs, mail, respond to monitoring and
> so on), you want local traffic to be originating from the interface IP and
> not the carp ip.

it's configured to not send that out to WAN. Using em0 for that,
here is the picture from http://www.openbsd.org/faq/pf/carp.html#failover
with carp devices added. With LAN, I don't really care about the src addr.
With WAN, I have to comply with an upstream rule.

         |         carp1          |
         +----| WAN/Internet |----+
         |                        |
      em2|                        |em2
      +-----+                  +-----+
      | fw1 |-em1----------em1-| fw2 |
      +-----+                  +-----+
      em0|                        |em0
         |                        |
      ---+-----|    LAN     |-----+---
         |         carp0          |

When I send out to WAN on fw1 or fw2, the src addr is em2, as described in
http://www.openbsd.org/faq/pf/carp.html#RulesetTips
That's just fine.

Still, my question is: are there other options besides nat-to to set the
src addr for traffic going to WAN? What would you be using?

fl

