On Wed, Oct 04, 2006 at 10:18:21AM +0200, Joachim Schipper wrote: > > I have two firewalls running CARP and pfsync for high availability. The > > physical interfaces do not have IP addresses, only the CARP interface > > do. The problem is is that the backup CARP interface still needs to be > > able to source and forward traffic. Is this possible? > > You could set up load-balancing CARP, which may work.
No, this won't work. If you're trying to route some specific traffic to and from the backup firewall, perhaps passing it on the pfsync interface with some nat/rdr magic from the master firewall will do the trick. -Ryan
