Thanks for the advise. On Thursday 16 March 2006 02:53, Bill Marquette wrote: > On 3/15/06, Peter Curran <[EMAIL PROTECTED]> wrote: > > I have been asked to setup a couple of pfsense boxes as a > > high-availability pair, using CARP. One problem is that only 5 public IP > > addresses are available for the site and 4 are needed to access servers > > on the DMZ. > > Do all four need high availability? Can you have one that isn't > highly available? If so, you can easily run carp on 3 of them, and > use the physical IP of the master to nat to the other server. > All 4 need it.
> > Is it possible to use private addresses (eg 10....) on the WAN interfaces > > of the boxes, reserving the public addresses for use by CARP. > > Nope. A nasty (and I do mean nasty) hack is to use a /28 instead of a > /29 which would allow you to put the firewall physicals outside of > your /29. It's a hack and has issues, the least of which is that you > can't access the /29 that you're stealing IP space from. If that's > not a concern, it's at least a potential workaround. At least until > FreeBSD supports carpdev. > Cool - I will give it a whirl. I don't care about the other /29. > --Bill > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
