jamona perez wrote:
Okay, I did not realize that, this is really helpful info. Thinking
about it for 2 minutes I just realized that in bridge mode, the WAN
does not "really" have an IP address, does it? So carp has no IP
failover to do whatsoever.
Please correct me if I'm wrong.
So if the best I can do is having a "spare" box standing by to get
fired up if the other goes down, it's what I'm going to do. But if you
can think of any mechanism (similar to linux heartbeat) that can sit
here waiting for the other side to fail, then take the appropriate
measure (read "configurable" like starting the proper services) to
ensure high-availability of such a system, I'll be more than glad to
hear about it.

If pfSense will allow you to pass STP frames across it, you could just
put two pfSense boxes in parallel like so
     EXTERNAL SWITCH
    FA0/1       FA0/2
      |           |
      |           |
     FW1--SYNC-- FW2
      |           |
      |           |
    FA0/1       FA0/2
     INTERNAL SWITCH
Assuming that STP will pass the packets, you should have no issues in
this configuration. STP will put the ports of FA0/2 into blocking mode,
and no traffic will pass unless traffic stops flowing across FA0/1 (yes,
I have just realised that you were probably meaning gig interfaces, but
I did the diagram already :P)
Someone else here will probably better know whether or not you can pass
STP across pfSense correctly...
You might also want to use two more interfaces for management? (don't
give the firewalls IPs on the bridge, so that FW2 is still accessible
when the links are blocking!)
adam.