-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Uffner <[EMAIL PROTECTED]> wrote: > > on redundant CARP firewalls where it is not obvious how the shell can > determine the shared MAC address of carpN and presumably only the the > box with the fastest heartbeat should be proxying unless it goes down.
The MAC used for CARP interfaces is 00:00:5e:00:01:<vhid>, where the last octet is the vhid for the interface. You should be able to simply configure both firewalls to respond with the virtual MAC for any CARP interfaces. Any ARP clients which ask will receive the same answer. It should not be a problem that both firewalls respond to any arp request since they are serving the same information. - -- David DeSimone == Network Admin == [EMAIL PROTECTED] "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGn8P7FSrKRjX5eCoRAhiaAJ9Wk6xpP72LtevGQ+5/QodTPM42NwCfWjb6 FSAuWEpptwXUUvhq/I2/pWk= =h1bz -----END PGP SIGNATURE----- _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
