From owner-freebsd-questions@FreeBSD.ORG Tue Aug 1 15:05:28 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACC5416A4DA for ; Tue, 1 Aug 2006 15:05:28 +0000 (UTC) (envelope-from ds@hacked.com.br) Received: from web22.poli.usp.br (web22.poli.usp.br [143.107.106.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0792F43D45 for ; Tue, 1 Aug 2006 15:05:23 +0000 (GMT) (envelope-from ds@hacked.com.br) Received: from [172.20.0.21] ([201.43.174.173]) by web22.poli.usp.br over TLS secured channel with Microsoft SMTPSVC(5.0.2195.6713); Tue, 1 Aug 2006 12:05:20 -0300 Message-ID: <44CF6DAA.3070303@hacked.com.br> Date: Tue, 01 Aug 2006 12:05:14 -0300 From: Vinicius Vianna User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: Rafael Aquino , freebsd-questions@freebsd.org References: <20060801135326.M28129@bsdserver.com.br> In-Reply-To: <20060801135326.M28129@bsdserver.com.br> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 01 Aug 2006 15:05:20.0793 (UTC) FILETIME=[E8337890:01C6B57B] Cc: Subject: Re: carp and nat X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Aug 2006 15:05:28 -0000 Hi, Your network layout would help in this but anyway. The carp on the external interface should be used to the external router know what firewall to send your incoming packets, and the carp on the internal interface to the same thing on you LAN. You can check with route(8) what interface is being used to route your packets, so you will know what interface the nat should run on pf, in my machines i have used the nat on the external interface, so as they are the route to the external world, but this was on OpenBSD, it should be the same on FreeBSD. HTH, Vinicius Rafael Aquino wrote: > Hi there, > > I started to configure two firewall to work with carp+pfsync. > > I got everything done and working, but it seems thant I can't make > nat on pf work properly. > > Just to know: does nat on pf work fine when using carp? > Do I have to do the nat on the carp interface or on the physical > interface? > > Thanks! > > -- > Rafael Mentz Aquino > BSDServer Ltda. > 51 - 9847 8825 > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >