Re: [pfSense] Question about failover setup

2012-06-20 Thread Seth Mos

On 20-6-2012 5:34, Jerome Alet wrote:

> Hi,
>
> On Tue, Jun 19, 2012 at 08:35:38AM +0200, Seth Mos wrote:
>
>> On 18-6-2012 23:26, Jerome Alet wrote:
>>
>>> So now that I'm trying to replicate the OpenBSD configuration on my
>>> pfSense 2.1 boxes, I'm wondering if I really need 3 distinct IP
>>> addresses on each vlan and what are the consequences of using only one
>>> on the carp interface?
>>
>> For pfSense you definitely need 3 addresses per vlan.
>
> Thanks for your answer.
>
> Now, maybe a stupid question... Is it mandatory that all three addresses
> are in the same subnet, or is it possible to have the virtual one in a
> different subnet than the two real ones (still all three would be on
> the same vlan, but on different subnets)?

Mandatory, how would the pfSense firewall itself reach the internet for
DNS and updates? It can't source everything from the CARP vip. Although
theoretically the traffic going through the firewall should be
unaffected. It's a crapshoot though that generally does not work too well.


We hope that the CARP overhaul that is included in FreeBSD9 will help us 
in this case, but we can't guarantee that it will work this way either.


Regards,

Seth
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


[pfSense] Possible bug in gateway monitoring in 2.1 snapshot (Sat Jun 16 08:16:08 EDT 2012)

2012-06-20 Thread Jerome Alet
Hi there,

While playing with gateways and monitoring alternative IP addresses,
I've noticed a problem.

When you add an alternative IP address to monitor, a static route is
added between the gateway address and the address to monitor.

But when you delete this alternative IP address, click on save and
then on apply changes, the static route is not removed as can be seen
with netstat -nr.

Once you know this it's OK, but when you don't know and try to monitor
the external IP addresses of two links to two different ISPs, each one
monitoring the other one, this creates some funny routing problems even
when you disable this monitoring, and this renders the problem difficult
to understand, and then fix.

Is this a bug or normal behavior?

TIA

--
Jérôme Alet - jerome.a...@univ-nc.nc - Direction du Système d'Information
  Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX
   Tél : +687 290081  Fax : +687 254829
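
An added example, not part of the original post: one way to spot the leftover routes described above is to parse `netstat -nr` output and list static host routes that no currently configured monitor IP accounts for. It assumes the FreeBSD layout (destination, gateway, flags as the first three columns); the sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of FreeBSD `netstat -nr` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0     1234    em0
127.0.0.1          link#4             UH          0       12    lo0
192.0.2.0/24       link#1             U           0      100    em0
198.51.100.0/24    link#2             U           0       50    em1
198.51.100.10      192.0.2.1          UGHS        0       10    em0
203.0.113.53       198.51.100.1       UGHS        0        7    em1
"""

def static_host_routes(netstat_text):
    """Return [(destination, gateway)] for static host routes via a gateway."""
    routes = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank lines and section titles
        dest, gateway, flags = fields[0], fields[1], fields[2]
        try:
            # A host route has a bare address (no /prefix) as destination;
            # this also skips the header row, "default" and link#N gateways.
            ipaddress.ip_address(dest)
            ipaddress.ip_address(gateway)
        except ValueError:
            continue
        # G = via gateway, H = host route, S = static (manually/automatically added)
        if {"G", "H", "S"} <= set(flags):
            routes.append((dest, gateway))
    return routes

def stale_monitor_routes(netstat_text, configured):
    """configured maps gateway IP -> monitor IP as currently set in the GUI
    (hypothetical input). Returns host routes that nothing configured explains."""
    expected = {(monitor, gw) for gw, monitor in configured.items()}
    return [r for r in static_host_routes(netstat_text) if r not in expected]

if __name__ == "__main__":
    # Only the second gateway still has a monitor IP configured.
    for dest, gw in stale_monitor_routes(SAMPLE_NETSTAT, {"198.51.100.1": "203.0.113.53"}):
        print(f"unexplained static host route: {dest} via {gw}")
```

Host routes added deliberately under static routes will also be reported, so include them in the expected set before treating a hit as a leftover.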