hey guys,

I'm in a confusion. I'm planning to install a new firewall by changing the
freebsd ipf with openbsd's pf. However, with the current ip addresses that
we have, I don't know if pf/carp/pfsync will still work in my scenario.

I have created a hypothetical 2 test openbsd pf/carp/pfsync firewalls and
they are working great. However, the internal lan card uses private ip
address and external lan card uses public ip address. The third nic is for
the pfsync interface.

My confusion now is that I want to migrate to the openbsd firewall without
having to reconfigure ip addresses on the existing webservers.

Currently, the settings for the production firewall are

a.) external lan card is 209.242.x.51/255.255.255.248
b.) 2nd lan card is at 209.242.x.97/255.255.255.240
c.) 3rd lan card is at 209.242.x.113/255.255.255.240
d.) router is at 209.242.x.49/255.255.255.248

The blocks on b and c can be combined together so it becomes /27 or
255.255.255.224. That's what the ISP gave us. We just divided it before
since we have another client. That client is gone so I have those ip
addresses back to us again and I will be able to use the 3rd lan card for
pfsync. There will be 30 hosts in all for this block.

My confusion is the carp ip addresses. In my hypothetical network, my setup
was NAT. However, in the production, there is no NAT since all ip addresses
are public ip addresses. The webserver is on 209.242.x.102 which is on the
second network block, how will I be able to use this ip address as carp ip
address? I would like to retain the settings but still be able to take
advantage of firewall failover via pf/carp and pfsync. Is this possible with
my situation or do I really have to change the ip addressing?

Thanks,
Neil
