On Wed, 29 Oct 2008 00:22:01 -0400, Steven Surdock wrote: >I've used the following for a while (naturally this assumes that the ISP >link is delivered via some shared medium and not a point-to-point link) > >/etc/hostname.xxx0: >up description "to ISP" > >/etc/hostname.carp0: >inet 192.168.1.2 255.255.255.252 192.168.1.3 vhid 1 carpdev xxx0 > >-Steve S. > > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >Of >> Rod Whitworth >> Sent: Tuesday, October 28, 2008 11:49 PM >> To: Miscellaneous OBSD >> Subject: Deploying carp with limited global IPs >> >> In preparing for a possible carp redundacy setup for a client's border >> router/firewall I have found no information so far as to whether it is >> possible to have carp working where the link to the ISP is a /30. >> >> Every example I have found in presentations and tutorials has used 3 >> IPs on a typical dual firewall setup. So they assume (all fictional >> addresses here) something like 4.3.2.1 is the upstream router, with .2 >> for the $ext_if in unit 1, .3 for $ext_if in unit 2 and .4 for the >> carp0 in each. >> >> With a common enough point-to-point /30 link where upstream is .1 and >> the firewall is .2, what can we use in hostname.xx0 in each of the >> firewalls? No more IPs are available from the ISP apart from a routed >> subnet that is expecting to arrive via .2. >
Sorry, but I don't get what your suggestion can do for the case I proposed. Maybe I'm dense. Assuming my link is 4.3.2.0/30 the upstream router is 4.3.2.1 and I have no choice but to use 4.3.2.2 as my $ext_if. How does that work with your example? Thanks, *** NOTE *** Please DO NOT CC me. I <am> subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
