From: "kevin"
Date: Tue, 1 Mar 2011 13:38:26 -0500
Message-ID: <018001cbd83f$db4a25c0$91de7140$@com>
Subject: PF + GATEWAY + BRIDGE + CARP failover
List-Id: Networking and TCP/IP with FreeBSD

Hello,

I made a post to this
list several weeks ago regarding transparent bridging + pf + rstp + failover.

My experiments with RSTP / MSTP with my switch and FreeBSD transparent bridging produced many problems.

So I would like to remove the 'transparent' item out of the equation and assign an IP address to my bridge and provide a gateway IP to all my devices through a CARP failover IP address.

So my network will look like this:

                     [switch vlan1]
              |                                  |
   [fw1 bridge ip x.x.x.x]            [fw2 bridge ip x.x.x.y]
              |                                  |
[fw1 CARP gateway IP x.x.x.x] - [fw2 CARP SLAVE gateway IP x.x.x.x]
              |                                  |
                     [switch vlan2]
                            |
         [devices (gateway set to CARP gateway IP)]

Does anyone see a problem with this configuration? I want to get around the locking issues experienced with transparent bridging with only 1 switch and 2 vlans.

My mind is a mess from all these problems so if I'm missing something obvious, please let me know!

Many thanks,

Kevin