Date: Tue, 8 Oct 2019 10:20:34 -0500
From: Matthew Grooms <mgrooms@shrew.net>
To: freebsd-net@freebsd.org
Subject: Re: CARP and NAT question
Message-ID: <a0a3a5c2-1300-b90b-3114-ae80adcf7f4d@shrew.net>
In-Reply-To: <20191008134851.GP2691@home.lan>
References: <20191008134851.GP2691@home.lan>

Hi Julien,

It's not clear why you are trying to assign multiple carp IP addresses to two different interfaces from within the same IP subnet. Are you trying to fail over a 2nd carp address or are you trying to improve throughput/redundancy?

If you just want to fail over a 2nd carp address, assign a 2nd alias to your first interface. If you're trying to improve throughput/redundancy, assign both interfaces to a lagg and build your carp interfaces on top of that instead.

-Matthew

On 10/8/2019 8:48 AM, Julien Cigar wrote:
> Hello,
>
> I'd like to NAT outbound traffic from two different private networks
> through two different interfaces, with CARP on top. I have 4 public IPs
> available (193.x.x.89, 193.x.x.90, 193.x.x.91, 193.x.x.92).
>
> I have two redundant routers/firewalls running FreeBSD 12 with CARP and
> PF with the following: (1) which works well, but all traffic
> goes through the same interface.
>
> So I'd like to switch to something like (2), which will not work (lines
> 5 and 13 are not valid) and I'm wondering if I could use something like
> (3) ..?
>
> Thank you!
> Julien
>
> (1) https://gist.github.com/silenius/4f6173a9b6690292c2174ab3bb89d292
> (2) https://gist.github.com/silenius/da9be7e74e9861fa55f927d194e3e410
> (3) https://gist.github.com/silenius/b237565b0d181248ff80ea296e5537db
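
The two options suggested in the reply above, sketched as an /etc/rc.conf fragment. This is an added example, not part of the original messages or the linked gists; the interface names (em0, em1), VHIDs, advskew values, the CARP password and the 203.0.113.0/24 documentation addresses are assumptions standing in for the poster's real values.

```conf
# /etc/rc.conf fragment (added example; all names and addresses below are
# constructed placeholders). Use option A or option B, not both.
# CARP must be available first, e.g. carp_load="YES" in /boot/loader.conf.

# --- Option A: fail over a 2nd CARP address ---------------------------------
# Both virtual addresses are aliases on the same physical interface, each
# with its own VHID, instead of a second interface in the same subnet.
ifconfig_em0="inet 203.0.113.10/24"
ifconfig_em0_alias0="inet vhid 1 advskew 0 pass CHANGE_ME alias 203.0.113.89/32"
ifconfig_em0_alias1="inet vhid 2 advskew 0 pass CHANGE_ME alias 203.0.113.90/32"

# --- Option B: throughput/redundancy -----------------------------------------
# Both NICs become members of a lagg, the host address moves to lagg0, and
# the CARP aliases are built on top of the lagg.
# (Commented out so the fragment stays consistent with option A.)
#ifconfig_em0="up"
#ifconfig_em1="up"
#cloned_interfaces="lagg0"
#ifconfig_lagg0="laggproto failover laggport em0 laggport em1 203.0.113.10/24"
#ifconfig_lagg0_alias0="inet vhid 1 advskew 0 pass CHANGE_ME alias 203.0.113.89/32"
#ifconfig_lagg0_alias1="inet vhid 2 advskew 0 pass CHANGE_ME alias 203.0.113.90/32"

# On the backup router keep the same VHIDs and password, give it its own host
# address, and raise advskew (for example advskew 100) so it only takes over
# when the master stops advertising.
```

Running ifconfig on the chosen interface afterwards shows each VHID with its state (MASTER or BACKUP) and advskew.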