On Thu, 2010-10-28 at 14:34 -0400, Jim Pingle wrote:
> On 10/28/2010 1:43 PM, David Burgess wrote:
> > On Thu, Oct 28, 2010 at 11:35 AM, Gerald Waugh
> > <gwa...@frontstreetnetworks.com> wrote:
> >
> >> We use bridging as the pfsense machine firewalls servers with public IP
> >> addresses. Clues on how to accomplish with routing appreciated.
> >
> > You have a public subnet from your ISP, 1.1.1.0/24, for example.
> >
> > You get a static IP from your ISP that is outside your subnet,
> > 2.2.2.1, for example.
> >
> > Your ISP has to route your subnet to your static IP.
> >
> > On pfsense:
> >
> > WAN is 2.2.2.1
> > LAN is 1.1.1.1/24
> > dhcp server on LAN (if desired) gives out 1.1.1.2 - 1.1.1.254
> >
> > Did I understand your question correctly? Or is this somehow more
> > complicated when carp is involved?
>
> Close. You just need at least a /29 on the WAN side so you have enough
> IPs for CARP - one for each box and the shared IP. The other subnet is
> routed to the shared CARP IP.
>
> On the internal side, one IP out of your block is for CARP on your
> LAN/OPT interface, and again one for each box. Items in the internal
> side use the shared CARP IP as their gateway.

Appears to be ongoing expense to have to get another subnet from ISP.
We have a /24 now and the servers use this. We use bridging to get them
through the pfsense firewall, and works great.

Just looking for the redundancy carp provides.

Gerald