Date: Wed, 16 Feb 2011 11:01:53 -0500
From: "kevin" <k@kevinkevin.com>
To: "'Damien Fleuriot'" <ml@my.gd>, <freebsd-pf@freebsd.org>
Subject: RE: Questions about PF + Multiple gateways + CARP on a public ip network
Message-ID: <00cf01cbcdf2$d54f6100$7fee2300$@com>
In-Reply-To: <4D5BD4E6.90605@my.gd>
References: <00a401cbcd3d$fe313d10$fa93b730$@com> <4D5BD4E6.90605@my.gd>

>If you have only 1 upstream interconnection, this won't be a problem for
>you.

These boxes are in a collocation facility, in a data center. There are multiple upstream providers, but I am using the data center's default gateways for each allocated subnet. So I imagine the routing to the multiple upstreams would be done after being routed via their gateway.

> Wait do you want to route or to NAT ?

I want to route. I don't want to nat. My mistake for misleading. Each device behind this firewall is a dedicated server in a data center. They need to transparently maintain connectivity to the outside world and from the outside world.

> I think it all depends on whether you have multiple upstream connections
> or not, as I pointed out above.

I suppose I would have to confirm this with my data center's networking department. I would imagine that it would be standard practice for them to handle the multiple upstreams themselves.

To give you a little background, I am currently utilizing two transparent bridging firewalls at the moment. Unfortunately one of the firewalls will completely lock up with no console messages if they both are on. The idea is to employ carp + pf to maintain some sort of automated failover mechanism instead of a cold standby. At the same time I don't want to change the architecture of my internal network more than perhaps modifying the default gateways configured on each device.

Your help is appreciated,

Kevin