RB wrote:
> I'm having trouble getting virtual addresses to behave as I expect; my
> expectations may be what's off, but I'll let you be the judge.
> I have a pair of systems set up as a virtual router - CARP IP on both
> WAN and LAN, and clients configured with that as their gateway. Try
> as I may, I cannot seem to get the systems' real IPs to "disappear"
> and use only the virtual IPs. On the LAN side, if I try to traceroute
> to the WAN's next-hop address, I get the master's real IP as my
> next-hop instead of (what I would expect) the LAN virtual.

That's correct, AFAIK there isn't anything we can do about that. It's no
big deal, that's the only thing it affects and it's just cosmetic.

> On the WAN
> side, I see egress traffic coming from the master's real WAN IP
> instead of the virtual as well.

Only traffic sourced from the firewall itself will use that IP, unless
you have NAT configured to use it.

> I guess this boils down to two questions:
> 1) Can I NAT client traffic to a virtual WAN IP?

Yes, AON.

> 2) Can I direct all traffic on a given interface to the virtual IP
> and drop all packets to the real IPs?

Yes, you'll have to disable the antilockout rule and set up firewall
rules appropriately. You likely still want to allow management traffic
to the real IP since the CARP IP is subject to move between machines.
Your traceroute replies will still show the real interface IP.
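The two answers above, sketched as a pf.conf fragment. This is an added example, not configuration from the thread or output of the firewall's GUI; it assumes the firewall is built on pf (old-style `nat` rule syntax), and every interface name, address and the management host list are constructed placeholders.

```pf
# --- Macros (all values constructed for illustration) ---
wan_if     = "em0"
lan_if     = "em1"
lan_net    = "192.168.1.0/24"
wan_carp   = "198.51.100.10"     # shared CARP address on WAN
lan_carp   = "192.168.1.1"       # shared CARP address on LAN (client gateway)
lan_real   = "192.168.1.2"       # this node's own LAN address; differs per node
mgmt_hosts = "{ 192.168.1.50, 192.168.1.51 }"   # hypothetical admin workstations

# --- Translation (question 1) ---
# Client traffic leaves with the CARP WAN address as its source, so the
# upstream side sees the same address whichever node is master.
# Traffic sourced from the firewall itself does not match "from $lan_net"
# and still leaves with the node's real WAN address.
nat on $wan_if inet from $lan_net to any -> $wan_carp

# --- Filter (question 2); last matching rule wins unless "quick" ---
# CARP advertisements come from the peers' real addresses and must keep
# flowing, or both nodes will claim master.
pass quick on { $wan_if, $lan_if } proto carp keep state

# Forwarded client traffic, including traffic addressed to $lan_carp.
pass in on $lan_if inet from $lan_net to any keep state

# Drop anything addressed to this node's real LAN address ...
block in log on $lan_if inet from any to $lan_real

# ... except management from known hosts. The real address stays with
# this machine when the CARP address moves to the other node.
pass in on $lan_if inet proto tcp from $mgmt_hosts to $lan_real \
    port { 22, 443 } keep state

# ICMP time-exceeded replies are generated by the firewall itself, so a
# traceroute from the LAN still shows $lan_real as the hop.
```

With the anti-lockout rule disabled, the management pass rule is the only path to the node's real address, so confirm it matches your admin hosts before loading the ruleset.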