Hello All,
I am, once again, having trouble understanding CARP/pf. It is a shame
this is not covered in Building Firewalls with OpenBSD and PF, by J.A.,
or in Absolute OpenBSD; they both cover PF very well, but not CARP.
Anyway, I have a /etc/pf.conf file which was originally for a single
firewall, which worked for a normal layout with two interfaces. I am now
attempting to do the following:

                   switch
                      |
            +---------+----------+
            |                    |
       +---------------------------+
       |    CARP0 10.10.5.1/24     |
       +---------------------------+
            |                    |
   fxp0: 10.10.3.31/24      fxp0: 10.10.3.32/24
          obsd0                  obsd1
   sis0: 83.146.42.163/28   sis0: 83.146.42.164/28
            |                    |
       +---------------------------+
       |  CARP1 83.146.42.165/24   |
       +---------------------------+
            |                    |
            +---------+----------+
                      |
                   switch

The two boxes have two interfaces, although most documentation suggests
using a third interface with crossover, which I don't currently have.
My existing firewall script allows access to 83.146.42.164 and
83.146.42.165, should I be treating incoming packets as packets for
83.146.42.163/4, or 83.146.42.165?
Is it possible to provide two CARP interfaces over the fxp0 like I have,
and if I do, will it work as intended?
Needless to say, what I am trying to do has not worked.
- --
/-- _| | Regards. Please note, my PGP key ID has changed.
|-- / | | If you are planning on sending me something encrypted
\__ \_| | please update your keyring. Debian/OpenBSD. 53C9FC6C.