Date: Wed, 16 Feb 2011 15:59:11 -0500
From: "kevin" <k@kevinkevin.com>
To: "'Damien Fleuriot'" <ml@my.gd>
Cc: freebsd-pf@freebsd.org
Subject: RE: Questions about PF + Multiple gateways + CARP on a public ip network
Message-ID: <017801cbce1c$5d99fc90$18cdf5b0$@com>
In-Reply-To: <4D5BF6FE.8090704@my.gd>
References: <00a401cbcd3d$fe313d10$fa93b730$@com> <4D5BD4E6.90605@my.gd> <00cf01cbcdf2$d54f6100$7fee2300$@com> <4D5BF6FE.8090704@my.gd>

>If you only have one gateway, then you have nothing to worry about for
>this part.

They provide a gateway address for each subnet they allocate to me -- which probably is assigned to the same device for them, but I would need to establish these rules in my FreeBSD firewall, correct?

>If you expect a lot of traffic, I recommend you do NOT use pfsync to
>synchronize existing sessions on the backup firewall.

Why not? Is this a generally accepted practice not to use pfsync because of this? How much traffic is too much?

The firewalls should average about 5,000 - 10,000 states on any given day, afaik. I'm more worried about failover than I am about states being kept, but it would be nice to utilize pfsync if it wouldn't be too risky.

Thanks,
Kevin