From owner-freebsd-pf@FreeBSD.ORG Fri Jul 20 19:55:00 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0213416A420 for ; Fri, 20 Jul 2007 19:55:00 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.231]) by mx1.freebsd.org (Postfix) with ESMTP id AF80B13C474 for ; Fri, 20 Jul 2007 19:54:59 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so818575wxd for ; Fri, 20 Jul 2007 12:54:59 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=PhLkYlvPRswwwXZSokE4xoNxyyX6hwLHN1wPAi6jZBcE0oDNDkx5oiqv3auseGpA7NbGFUtqXJdJwUYfE+iiFBfVl4RozDSGEA4tUyuwCTW9RXXCTZBqi2JvAxbe3dmuoXwn81MaP056EwV7DjdUYKjOGPoGumJCKqBYr7bvcQM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=eAqD3K3Ppz6Q3XH1w9hImof2oBFe8gAexDdiMs3qUlkuBUxUuft6Ol3C9oAIHPhyYGmUbpn8ZQpsOpCmNGxivYp6//T6BSCzIYxo+ksfSKcJWyasltwju+HCtnu/W0sSLJOhSSONjRU7R3B3Rfo5nXzqwcRz704XW+zX0iYvvgI= Received: by 10.70.31.18 with SMTP id e18mr1363581wxe.1184961299010; Fri, 20 Jul 2007 12:54:59 -0700 (PDT) Received: by 10.70.66.10 with HTTP; Fri, 20 Jul 2007 12:54:58 -0700 (PDT) Message-ID: <8e10486b0707201254j4eece5dq55c1afa838a3092@mail.gmail.com> Date: Fri, 20 Jul 2007 16:54:58 -0300 From: "Alexandre Biancalana" To: freebsd-pf@freebsd.org In-Reply-To: <20070720173722.GB12522@verio.net> MIME-Version: 1.0 References: <8e10486b0707180621q6a38d018u206ce9ee4fbbe10c@mail.gmail.com> <867iow7rwk.fsf@zid.claresco.hr> <8e10486b0707191950s2ffd4e89q7484181acba745be@mail.gmail.com> <866fa9520707200813s7938bdbdjdfb57c87dd23e268@mail.gmail.com> <20070720173722.GB12522@verio.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Single IP failover without carpdev X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jul 2007 19:55:00 -0000 On 7/20/07, David DeSimone wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > That is OpenBSD's documentation you are referring to, but this is > FreeBSD we are talking about. The implementation is not the same. > > In order for CARP to be effective, it must send out hello packets on a > particular interface. Under OpenBSD, I believe there is a "carpdev" > option for ifconfig, which allows you to set the interface explicitly. > However, FreeBSD's implementation (at least in 6.x where I'm familiar > with it) is missing that option. Instead, the interface is chosen by > matching the IP address of the carp interface to the same subnet as the > physical interface. > > In a case where your ISP has only assigned a single IP address to you, > you cannot (legally) assign a pair of addresses to your firewalls and > then assign a third IP to CARP in order to have it bind correctly to > the external interface. Under OpenBSD, you could assign private RFC1918 > addresses to the external interfaces, and use "carpdev" to assign a > virtual public IP, but it seems that is not possible with FreeBSD. > > If I am wrong, I hope that someone will correct my understanding. Exactly this! Want I want to know is if exists some alternative way to configure this....