> -----Original Message-----
> From: Tom Judge
> Sent: Wednesday, December 16, 2009 1:20 PM
> To: Kevin
> Cc: freebsd-pf@freebsd.org
> Subject: Re: PF Transparent Bridge Firewall + CARP
>
>        [router]
>           |
> [------switch 1------]
>   |                |
> [FW1]--{pfsync}--[FW2]
>   |                |
> [------switch 2------]
>           |
>       [clients]
I have a really stupid question. If I have a switch with 2 VLANs (one DMZ / 'outside', one internal / 'lan') and two firewalls with transparent bridging + PF, filtering all inbound/outbound traffic -- would I even need CARP? Is CARP overkill?

I'm thinking in a disaster recovery scenario -- if one firewall blows up. There's no logical master/slave relationship, but wouldn't there be minimal (if any) downtime?

I'm starting to notice that carp doesn't play nicely with bridging, nor is there any carpdev implementation for manually specifying physical interfaces for the redundancy group -- especially necessary if multiple interfaces are on the same subnet.

All I want is simple redundancy. Suggestions / ideas / comments are welcome.