On Mon, 03 Oct 2005 23:19:30 -0500 "Neil" <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> What will I change in pf.conf if I'm not going to use NAT anymore?
> It's because, the current setup of the servers including the firewall
> uses publicly routable addresses and there is no NAT. I still wanted
> to have failover that maintains existing states/connections even if
> one firewall goes down or cables get disconnected.

Hmm, as far as I know a router does not have a state table as such, it merely routes, as opposed to NAT. With NAT the FW indexes the source port+address with a destination port+address, which yields a state. When the FW sees another packet which matches either socket (port/address) it will forward accordingly.

To use your pf.conf for a routed network you would need to remove the nat/rdr lines, and alter the .conf so that you have network and IP address entries that are routable, and to the best of my knowledge it should work as expected, but I do not think there is a state table when you don't use NAT, but it should not hurt to leave that setup in its running configuration.

-- 
Regards, Ed
http://www.usenix.org.uk
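
The edit described in the reply above, as an added example that is not part of the original message: a minimal pf.conf with its NAT form (commented out) beside the routed form. Interface names, macros and addresses are constructed placeholders, not taken from the poster's configuration.

```conf
# Constructed example. 198.51.100.0/24 is a documentation range standing in
# for the publicly routable server network; fxp0/fxp1 are placeholder NICs.

# --- Before: NAT in front of privately addressed servers ---
# ext_if  = "fxp0"
# int_net = "10.0.0.0/24"
# web     = "10.0.0.10"
#
# nat on $ext_if from $int_net to any -> ($ext_if)
# rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web port 80
#
# block in on $ext_if all
# pass in  on $ext_if proto tcp from any to $web port 80 flags S/SA keep state
# pass out on $ext_if from ($ext_if) to any keep state

# --- After: routed, servers hold public addresses ---
ext_if  = "fxp0"
srv_net = "198.51.100.0/24"   # routable network behind the firewall
web     = "198.51.100.10"     # server's own public address

# The nat/rdr section is gone; nothing is translated.

block in on $ext_if all

# Inbound rule now names the server's real address instead of the
# rdr target. "keep state" on a pass rule is what creates the state entry.
pass in on $ext_if proto tcp from any to $web port 80 flags S/SA keep state

# Outbound source is the routed network itself, not the firewall's
# external address as it was after translation.
pass out on $ext_if from $srv_net to any keep state
```

Loading the candidate file with `pfctl -nf` parses it without applying it, which catches a leftover reference to a removed macro before the ruleset goes live.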