Good Morning, I'm currently in the process of configuring a new firewall for my company and would like to know the following:

1. Is it possible to configure OpenBSD firewall interfaces as follows:

     carp10 - int/ext virtual eth dev (ip of CVI - shared between fw's)
       |
     vlan10 - int/ext virtual eth dev (ip of NDI - not shared)
       |
     pcn0   - int/ext eth device (no ip)

   Basically, I'd like to use VLANs on top of physical interfaces, with carp devices on top of the vlan logical interfaces.

2. I'm guessing that when the firewall is configured as above, I'll refer to the vlan interface with the carp-specific IP address (rather than the physical int)?

3. Do I need to add virtual IP addresses to the firewall to answer for each public IP address, or can I simply configure the router to route all traffic for the subnet through the IP address of the external carp device of the firewall?

Regards,
Garron