one small problem with carp and ip-less interfaces.. scenario: you have no ip address bound to each of the real interfaces, and carp is sharing the one address for you (isp only gives you 1 address).
only the master can craft packets out (assuming this shared carp'ed address is the external). ok, now this makes sense, how is the next hop meant to send packets back? it sends them to the mac address the carp0 is broadcasting, which the master happily accepts, only to see it's not in its state table, and drops it. the backup system doesn't get its acks back..

is there currently a way around this? i bashed a quick thing to route via the other system (via pfsync interface), and if the host is down or this box (the backup) becomes a master, then remove the route and resort back to the default (via the carp0 interface, which the next hop will now reply to, or should i say, the carp0 will now accept to/from) but that's fair hokey

Alex
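One way to script the workaround described in the post, as an added example (not the poster's script): the backup sends its own traffic to the master over the sync link, and reverts to the normal default route when it becomes master or the peer stops answering. `PEER_SYNC_IP` and `GATEWAY` are placeholder addresses, the `ifconfig` sample is constructed, and the master is assumed to forward and NAT traffic arriving on the sync link.

```shell
#!/bin/sh
# Added example: default-route selection for a CARP backup that has no
# address of its own on the external interface.
PEER_SYNC_IP="${PEER_SYNC_IP:-192.0.2.2}"   # peer's address on the pfsync link (assumed)
GATEWAY="${GATEWAY:-198.51.100.1}"          # ISP next hop (assumed)

# Constructed sample of `ifconfig carp0` output, for trying carp_state offline.
SAMPLE_IFCONFIG='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100'

# Extract MASTER/BACKUP/INIT from `ifconfig carp0` output read on stdin.
carp_state() {
    awk '$1 == "carp:" { print $2; found = 1; exit }
         END { if (!found) print "UNKNOWN" }'
}

# Decide which next hop the default route should use.
#   $1 = local carp state, $2 = "up" or "down" for the peer on the sync link
# Prints "peer" (go out through the master) or "gateway" (normal default).
pick_next_hop() {
    if [ "$1" = "BACKUP" ] && [ "$2" = "up" ]; then
        echo peer
    else
        # We are master, the peer is unreachable, or the state is unknown:
        # fall back to the normal default route so we never point at a dead box.
        echo gateway
    fi
}

# Apply the decision. Needs root; ping flags are the OpenBSD ones.
apply_route() {
    state=$(ifconfig carp0 | carp_state)
    if ping -c 1 -w 1 "$PEER_SYNC_IP" >/dev/null 2>&1; then peer=up; else peer=down; fi
    case $(pick_next_hop "$state" "$peer") in
        peer)    route change default "$PEER_SYNC_IP" ;;
        gateway) route change default "$GATEWAY" ;;
    esac
}
```

Calling `apply_route` periodically (or on a carp state change) keeps the route in step with the failover state.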