Matias wrote:
On 01/06/10 18:09, Evgeny Yurchenko wrote:
Matias wrote:
On 01/06/10 17:14, Evgeny Yurchenko wrote:
Matias wrote:
On 01/06/10 17:00, Evgeny Yurchenko wrote:
Matias wrote:
Hi,
I've an internet connection on which my ISP provides a /29 network,
just one IP for my pfSense (1.2.1) box and one IP for their gateway.
I'd like to set up this IP as CARP and be shared with the second
pfSense box I have, but as far as I understand, in order to have
this IP address as CARP I must set up another two IPs on **the same
range** the CARP IP is. But I don't have more real IPs.
What is your recommendation in this situation?
Thanks for your help.
/29 gives you 6 usable IPs.
pfSense-1
pfSense-2
Gateway
and you can configure 3 CARPs.
Evgeny.
Sorry, it is a /30 actually.
Oh. In this case you have to get more public IPs from your provider.
Do you know if with pfSense 2.0 there will be the option to use a
CARP IP outside the interface(s) network?
To me it just does not make sense - to use IPs on WAN that cannot be
routed to you by Provider. What for?
The only IP reachable from my ISP's point of view should be the CARP one.
Why would I like to have two routable (and paid) public IP addresses
on the real interfaces of each pfSense box that I'm not going to use ever?
Actually, I was wondering the same thing after my CARP adventure this
weekend (which ended up with me rolling it back to the original one box
config due to the way port forwarding works when based on the WAN address).
If the idea of CARP is to have multiple IPs "shared" between a pair of
machines, and the addresses for the boxes themselves are not used for
anything, why burn a usable IP on them? Why not assign them an IP
outside of the subnet they are physically sitting on?
One can do this with a VMware box (I have multiple IPs running on an
interface that is outside of the subnet the interface is on, and another
that doesn't even have an IP assigned to it that deals with multiple
IPs via VMware Server), so why not with a WAN address on a pair of
CARP'ed machines?
The only thing I could see it breaking would be if the pfs boxes are
pulling data (NTP updates, packages, etc) from the outside, but that
assumes that these kinds of things default to the WAN address and can't
be redirected out one of the CARP addresses.