* Kim Zeitler <kim.zeit...@konzept-is.de> [2014-07-25 11:19]: > we have a similar setup here, with only a /29 range of external addresses. > Until now, we have had no problems so far running this using only one > external carp IF (using a private IP) and adding all external addresses > as aliases. But we do not use bi-nat for our DMZ Servers.
there really is nothing wrong with aliases on carp interfaces. you ahve to keep them in sync of course. just like the vhid and the passphrase... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
