if the addresses on the carp interface are out of sync, then the hashes won't mash, and the firewalls *WILL* conflict with each other.
I recommend one IP per carp interface. Far nicer in case you screw that bit up, and much easier to balance IPs to one system or the other. On 2014 Jul 24 (Thu) at 15:23:07 +0200 (+0200), Waldemar Brodkorb wrote: :Hi OpenBSD hackers, : :we like to use OpenBSD for our corporate firewall. :We have two appliances and want to setup carp and pfsync. :In the past I used this for a simple firewall connected to :a provider via dsl without a DMZ. This worked fine and I know :how to configure it. : :Now our firewall is used for outgoing connections into the internet :and for incoming connections to our DMZ servers. (We use binat, :the ip adresses of the network (/26) are bound on the wan interface :of the firewall. : :According to :http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles/SA/v14/i05/a6.htm :I could use aliases with ifconfig. : :Do you think there would be any issues in using 60 aliases :for the wan interface? : :best regards : Waldemar : -- Know thyself. If you need help, call the C.I.A.
