On Thu, 29 Dec 2005 23:04:02 -0700 j knight <[EMAIL PROTECTED]> wrote:
> When you compare "pfctl -ss" on either firewall, do you see state
> information being replicated?
>
> The addresses that you're NATing to, are those the carp IPs or the IPs
> on the physical interfaces?

Yes, those IPs are all CARP; each physical interface has its own IP, but these are not used publicly for NATing. The CARP IP on the bge0 network is 172.22.96.1, which is where the responses go (it's the default route for that network).

I am away from the firewalls till Tuesday, when I will get the pfctl -ss output.

--
Regards, Ed
http://www.usenix.org.uk - http://irc.is-cool.net
:%s/Open Source/Free Software/g