One last thing:

Is there currently any way to *not* assign an IP directly to the WAN
interface in a CARP config?

Since the IPs assigned directly to the WAN can't be used in a failover
situation (if I understand correctly), I would like to not have to use
an extra public static IP to set up each CARP member.

I was thinking that *maybe* if I just assigned an IP from a private
address range to the WAN interface (obviously NOT an address I'm using
internally on the LAN side), but actually used the correct subnet mask
and gateway address for my public subnet, maybe it would work if I
changed AON to NOT use the "default" IP on the WAN. Does that make
sense?

If there is currently no way, maybe a feature could be added such that
you could choose one of the CARP IPs to be the "default" IP on the WAN
interface to achieve this and have the rules work. Would that make
sense? Of course, this might be moot if there's a way to do it already..

Thanks guys..

Dimitri Rodis
Integrita Systems LLC 


-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 17, 2008 5:32 PM
To: [email protected]
Subject: Re: [pfSense Support] 3-way CARP

On Thu, Apr 17, 2008 at 8:24 PM, Dimitri Rodis
<[EMAIL PROTECTED]> wrote:
> So really the peer IP option is there for folks who don't have a
>  dedicated interface, so that the pfsync traffic doesn't flood the
>  network, is that right?
>

No, it's more for networks with switches that don't play nicely with
multicast traffic.


>  So, in a 3-way config, do you always have to make configuration
changes
>  on the "master"? Or can they be made on any of them?
>

you always have to make changes on the master. any changes made on any
other machine will be overwritten.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to