From: "Kevin"
Date: Mon, 14 Dec 2009 11:39:43 -0500
Message-ID: <003001ca7cdc$0b530540$21f90fc0$@com>
Subject: RE: PF Transparent Bridge Firewall + CARP

> -----Original Message-----
> From: Kevin [mailto:k@kevinkevin.com]
> I have what I would consider not a standard firewall scenario that
> requires a second, redundant PF firewall. My first / main firewall is
> pf + transparent bridging with no internal network / ip addresses.

I realize that carp would require an ip address on both interfaces to work properly... this is correct, right?
Could I just assign the 1 ip address / gateway on the bridge0 interface and add a carp interface to fail that over to the 2nd firewall?