On Sat, Dec 29, 2007 at 03:59:25PM -0600, Aaron wrote: > Still no connectivity to speak of when a machine has a carp interface set > to the BACKUP state. > > Any other ideas?
Hmmm. Th eonly thing I can think of is simplify. Assign a single address to your fxps, and add a carp interface in the same net. Much like the simple example in http://www.countersiege.com/doc/pfsync-carp/. That always worked for me. Do away with all aliases, make that work first and then build up. Oh, if you are doing NAT, do not NAT the traffic coming from the (secondary) firewall itself. That won't work. -Otto
