* Aaron <[EMAIL PROTECTED]> [2007-12-30 00:52]: > I got rid of the aliases on the parent interfaces and made their addresses > part of the > carp network and things now seem to be working. This is great, and not so > great as > for my public address space, i'm losing another two addresses that i have > to give to > the firewall. :-( > > Is this the way it was intended or have i bumped into some unfortunate > untested 'issue'?
if you think about it, it is the only possible way. while the carp interface is not master, you cannot reach the networks on it. which is not a problem if it is a /32. how should that work? do you want toestablish a tcp connection where you never see the replies, because they go to your other firewall (the carp master)? -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
