On 10/28/2010 1:43 PM, David Burgess wrote: > On Thu, Oct 28, 2010 at 11:35 AM, Gerald Waugh > <[email protected]> wrote: > >> We use bridging as the pfsense machine firewalls servers with public IP >> addresses. Clues on how to accomplish with routing appreciated. > > You have a public subnet from your ISP, 1.1.1.0/24, for example. > > You get a static IP from your ISP that is outside your subnet, > 2.2.2.1, for example. > > Your ISP has to route your subnet to your static IP. > > On pfsense: > > WAN is 2.2.2.1 > LAN is 1.1.1.1/24 > dhcp server on LAN (if desired) gives out 1.1.1.2 - 1.1.1.254 > > Did I understand your question correctly? Or is this somehow more > complicated when carp is involved?
Close. You just need at least a /29 on the WAN side so you have enough IPs for CARP - one for each box and the shared IP. The other subnet is routed to the shared CARP IP. On the internal side, one IP out of your block is for CARP on your LAN/OPT interface, and again one for each box. Items in the internal side use the shared CARP IP as their gateway. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
