On 2014-07-24, Waldemar Brodkorb <m...@waldemar-brodkorb.de> wrote:
> Hi OpenBSD hackers,
>
> we like to use OpenBSD for our corporate firewall.
> We have two appliances and want to set up carp and pfsync.
> In the past I used this for a simple firewall connected to
> a provider via dsl without a DMZ. This worked fine and I know
> how to configure it.
>
> Now our firewall is used for outgoing connections into the internet
> and for incoming connections to our DMZ servers. (We use binat,
> the IP addresses of the network (/26) are bound on the wan interface
> of the firewall.)
>
> According to
> http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles/SA/v14/i05/a6.htm
> I could use aliases with ifconfig.
>
> Do you think there would be any issues in using 60 aliases
> for the wan interface?
>
> best regards
> Waldemar

Is your upstream router within the /26, or do you have a separate link network for that? If it's in the /26 I think you'll have to do it that way, but if you have (or if you can get) a separate link net (e.g. /29 with your+their router and carp/vrrp addresses), you can just nat them; there's no need to place the addresses on an interface.