On 2007/06/04 08:19, David Newman wrote:
> Stuart Henderson wrote:
> > On 2007/06/04 07:11, David Newman wrote:
> >> I could divide the /26 into smaller netblocks and configure pf to route
> >> between them but I'm reluctant to do that given that I'd burn a network
> >> and broadcast address for each netblock, and a /26 is small enough as it
> >> is.
> >>
> >> Is there a better way? Thanks.
> >
> > yes, bridging.
>
> OK, but how then to get redundancy across the firewalls?

you found it already: pfsync+spanning-tree bridge
http://www.seattlecentral.edu/~dmartin/docs/bridge.html

4.1 has rapid spanning-tree, so it acts more quickly than
when that article was written.

summary:

you don't want to route, so you need L2 failover

carp is used for L3 failover

spanning-tree is used for L2 failover, it lets you have a number
of redundant network paths and blocks all but one