Much clearer.

I've never tried CARP on an alias, but it should probably work.

However, I don't think that it can be an existing carp* interface. Use
carp3; i.e. a different carp interface. Create "inet alias" in the .bnx0
file, and a new .carpX file with a different "vhid" (different from carp2).

On a side note, I've found out that the physical interfaces on WAN do
not necessarily need to have actual WAN (globally routed) IPs. So, if
you are low on globally routed IPs, you can try using RFC1918 IPs on
bnx0 (and its aliases for DMZ). These IPs are merely needed to send
multicast for CARP.

If any of the esteemed OpenBSD developers want to call BS on the above,
please, have a go :)

Please let us know of the results.

- Igor


On 2/28/17 10:01 AM, Frank White wrote:
> ok.. I'll try.
> I use the Google DNS IP as an example for my static public IP address.
> fw1 carp0 8.8.8.8  ## (internet shared ip <--  lan)
> fw1 carp1 192.168.1.1  ## (lan shared ip default gw)
> fw1 carp2 10.1.1.1  ## (dmz shared ip)
> fw1 bnx0 8.8.8.7  ## (internet)
> fw1 bge0 192.168.1.2  ## (lan)
> fw1 bnx1 10.1.1.2  ## (dmz)
> fw1 bge1 192.168.254.1 ## (pfsync)
>
> fw2 carp0 8.8.8.8
> fw2 carp1 192.168.1.1
> fw2 carp2 10.1.1.1
> fw2 bnx0 8.8.8.6
> fw2 bge0 192.168.1.3
> fw2 bnx1 10.1.1.3
> fw2 bge1 192.168.1.254.2 # (pfsync)
>
> Now I want to add 8.8.8.10 as a static public IP to flow the traffic to
> the dmz, because 8.8.8.8 flows traffic to the lan.
> As I understand it, I have to add the following lines to the IF
> configuration files:
>
> fw1 hostname.carp0:  inet alias 8.8.8.10 255.255.255.255. NONE
> fw1 hostname.bnx0: inet alias 8.8.8.11 255.255.255.255 NONE
>
> fw2 hostname.carp0:  inet alias 8.8.8.10 255.255.255.255. NONE
> fw2 hostname.bnx0: inet alias 8.8.8.12 255.255.255.255 NONE
>
> Is that right?
>
>
> 2017-02-28 15:07 GMT+01:00 Igor V. Gubenko <i...@gubenko.com>:
>
>     It's not completely clear -
>
>     4) - is the IP 10.1.1.2 on a separate interface? What did you
>     configure carp2 on?
>
>     Can you restate your question and/or describe how you want the traffic
>     to flow, as well as your network topology?
>
>     - Igor
>
>
>     On 2/27/17 6:07 AM, Frank White wrote:
>     > Hi,
>     > I have 2 firewalls in a cluster with carp. The following is my
>     > configuration (8.x.x.x are examples for wan ip):
>     > first firewall
>     > 1) bnx0 8.8.8.7 (internet)
>     > 2) bge0 192.168.100.2 (lan)
>     > 3) bnx1 pfsync
>     > 4) 10.1.1.2 dmz
>     >
>     > carp0 8.8.8.8 (internet)
>     > carp1 192.168.100.1 (gateway for the lan)
>     > carp2 10.1.1.1 (gateway for the dmz)
>     >
>     > Now I want to add the ip 8.8.8.10 to redirect all traffic from it
>     > to the dmz...
>     > How should I configure it?
>     > I know how to redirect the traffic with pf.. my question concerns
>     > how to configure carp and the nic..
>     > For example, should I create a new carp with ip 8.8.8.10 and an
>     > alias for the bnx0 with ip 8.8.8.11?
