On Mon, May 31, 2010 at 5:49 PM, Justin The Cynical <cyni...@penguinness.org> wrote:
> On 5/31/10 1:58 PM, Chris Buechler wrote:
>
> *snip*
>
>>>
>>> The port forward to .65 works, but the .69 does not. If the machines
>>> failover (.69 becomes the active machine), the forward for .69 works,
>>> but the .65 does not. When .65 comes back up as the active box, the
>>> forward on .69 stops working.
>>>
>>
>> That's just how it works. WAN addresses are usable, but only when that
>> particular box is the master.
>
> Ah, OK, I was given to understand that they were useable all the time as
> were the CARP addresses, they were just not redundant.
>
> Thank you, that's what I was needing to know.
>

With one caveat - if you forward something off the WAN IP of the secondary to an internal host, and set that internal host's default gateway to the LAN IP (not CARP) of the secondary, it will work. The problem with that not working in a normal scenario is because the reply traffic goes to the wrong firewall. You really don't want to do that though, gets to be a real mess.