On Thu, Nov 18, 2010 at 2:15 PM, Steven Surdock <ssurd...@engineered-net.com> wrote: > > > -----Original Message----- > > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf > Of > > Stuart Henderson > > > > On 2010-11-18, Jan Johansson <janj+open...@wenf.org> wrote: > > > Jeff Ross <jr...@openvistas.net> wrote: > > >> What can one then use for the IP addresses for the $ext_if of the > > >> firewalls? > ... > > Also useful when you want to connect out externally from whichever > > firewall isn't master. (e.g. dns lookups, ntp, fixing problems from > remote > > locations...) > > True, but you can always use ifstated to modify the default gateway on > the backup FW to point to the internal address of the active FW. > Assuming you have assigned addresses on the physical LAN interfaces. > That doesn't help with any sort of remote access to the backup FW, > however. B As said, it is nice to have IP's on the external interfaces, > but not required. > > -Steve S. >
Or, on both machines you could forward port 33333 to the internal port 22 of one firewall and 33334 to internal port 22 of the other. That way you could get to either machine but only use one external IP.
