Re: pfsync, carp, transparent bridge
Lyle Worthington wrote: Our firewall is ipless, all traffic just runs through it because it is the only way in or out of our network. CARP and pfsync both needs IPs to operate. In pfsync's case, it'll use multicast or a unicast address. For CARP, failover is on a per IP basis and CARP'ed addresses require an address on an existing interface. cheers, Sean
pfsync, carp, transparent bridge
I have found other instances of this question, but never a complete answer on how to do this... Our firewall is ipless, all traffic just runs through it because it is the only way in or out of our network. We have discussed different options but at this time are unable to change our setup. Has anyone gotten this working with pfsync and carp? Does carp/pf control the status of the bridge so whichever firewall is the master the bridge is up, and the other firewall's bridge is down? We are worried about duplicate packets hitting/leaving our network as we would just have a hub from the router to the external interfaces and a hub from the internal interfaces to the network. Thanks, Lyle Worthington