On Wed, Dec 16, 2009 at 7:14 PM, Trevor Benson <[email protected]> wrote: > I noticed that when creating a CARP virtual that it requires it to be > attached to an interface with the same network. However when creating a > proxy arp, it does not have this requirement. Wouldn't it be logical to > allow them to have the same validation check? I am currently using proxy arp > virtuals on a pair of failover pfSense 1.2.3 systems, so if firewall A fails > I will need to manually create the Proxy ARP's on B. I know i can download > the config.xml and modify the entries to perform as expected, and will once i > get a chance to test it outside of business hours, however if Proxy ARP is > allowed, I do not see the reason to deny this from CARP.
It is more of a kernel limitation than anything. CARP will panic (or at least used to prior to FreeBSD 7.2) under many circumstances so we have to have more input validation. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
