Oh ok. That kind of makes sense. Thanks

On Thu, Nov 13, 2008 at 2:11 AM, Marco Pfatschbacher <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 12, 2008 at 11:40:36AM -0800, Vivek Ayer wrote:
>> i don't think I understand. Clarify. you mean carpdev is like your
>> physical interface..eth0, re0, etc.?
>
> say you have a carp configured like:
>
> carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:00:5e:00:01:04
>         carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 0
>         groups: carp
>         inet 1.2.3.4 netmask 0xff000000 broadcast 1.255.255.255
>
> As you can see, carp0 is using em0 as its carpdev.
> A pf rule to pass ssh to the carp address would be:
>
> pass in on em0 inet proto tcp to (carp0) port 22
>
> and NOT:
>
> pass in on carp0 inet proto tcp to (carp0) port 22
>
> HTH,
>
> Marco
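
An added example, not part of the thread above and not code from any of its participants: a small check that reads `ifconfig` output, maps each carp interface to its carpdev, and flags pf rules bound with `on carpN`, suggesting the carpdev form Marco describes. The function names are hypothetical, the sample input is constructed from the lines quoted in the thread, and it assumes the simple single-interface `on carpN` syntax (no interface lists or macros).

```python
import re

# Constructed sample input: the ifconfig output quoted in the thread.
IFCONFIG = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:04
        carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 0
        groups: carp
        inet 1.2.3.4 netmask 0xff000000 broadcast 1.255.255.255
"""

# Constructed sample ruleset: the two rules from the thread.
RULES = """\
pass in on em0 inet proto tcp to (carp0) port 22
pass in on carp0 inet proto tcp to (carp0) port 22
"""

def carpdev_map(ifconfig_text):
    """Return {carp interface: carpdev} parsed from ifconfig output."""
    mapping, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+?): flags=", line)  # start of an interface stanza
        if head:
            current = head.group(1)
            continue
        dev = re.search(r"\bcarpdev (\S+)", line)
        if dev and current:
            mapping[current] = dev.group(1)
    return mapping

def lint_rules(rules_text, mapping):
    """Return (line number, rule, suggested rule) for rules bound to a carp interface."""
    findings = []
    for n, rule in enumerate(rules_text.splitlines(), 1):
        active = rule.split("#", 1)[0]  # ignore trailing comments
        m = re.search(r"\bon\s+(carp\d+)\b", active)
        if m and m.group(1) in mapping:
            # Swap only the interface after "on"; the (carp0) address stays as is.
            fixed = rule[:m.start(1)] + mapping[m.group(1)] + rule[m.end(1):]
            findings.append((n, rule, fixed))
    return findings

if __name__ == "__main__":
    for n, rule, fixed in lint_rules(RULES, carpdev_map(IFCONFIG)):
        print(f"line {n}: {rule!r} should be {fixed!r}")
```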