Hi Peter,
Peter Hessler wrote,

> if the addresses on the carp interface are out of sync, then the hashes
> won't mash, and the firewalls *WILL* conflict with each other.
> 
> I recommend one IP per carp interface.  Far nicer in case you screw that
> bit up, and much easier to balance IPs to one system or the other.

Thanks for the hints. The previous firewall is managed via
fwbuilder, which does manage all the ip aliases for the wan
interface for us. It seems fwbuilder has some support for carp,
but I am not sure it will work with ip aliases.

Thanks so far
        Waldemar

Reply via email to