On 3/15/06, Peter Curran <[EMAIL PROTECTED]> wrote:
> I have been asked to set up a couple of pfsense boxes as a high-availability
> pair, using CARP. One problem is that only 5 public IP addresses are
> available for the site and 4 are needed to access servers on the DMZ.

Do all four need high availability?  Can you have one that isn't
highly available?  If so, you can easily run carp on 3 of them, and
use the physical IP of the master to nat to the other server.

> Is it possible to use private addresses (eg 10....) on the WAN interfaces of
> the boxes, reserving the public addresses for use by CARP?

Nope.  A nasty (and I do mean nasty) hack is to use a /28 instead of a
/29 which would allow you to put the firewall physicals outside of
your /29.  It's a hack and has issues, the least of which is that you
can't access the /29 that you're stealing IP space from.  If that's
not a concern, it's at least a potential workaround.  At least until
FreeBSD supports carpdev.

--Bill
