From owner-freebsd-questions@freebsd.org Sat Dec 5 02:20:23 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F13A3A3FDFE for ; Sat, 5 Dec 2015 02:20:23 +0000 (UTC) (envelope-from jcigar@ulb.ac.be) Received: from relay-b02.edpnet.be (relay-b02.edpnet.be [212.71.1.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "edpnet.email", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A9D941B2A for ; Sat, 5 Dec 2015 02:20:22 +0000 (UTC) (envelope-from jcigar@ulb.ac.be) X-ASG-Debug-ID: 1449231652-0a7b8d5081373840001-jLrpzn Received: from mordor.lan (77.109.103.53.adsl.dyn.edpnet.net [77.109.103.53]) by relay.edpnet.be with ESMTP id LAeM6VBfpAftP44D (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 04 Dec 2015 13:20:53 +0100 (CET) X-Barracuda-Envelope-From: jcigar@ulb.ac.be X-Barracuda-Effective-Source-IP: 77.109.103.53.adsl.dyn.edpnet.net[77.109.103.53] X-Barracuda-Apparent-Source-IP: 77.109.103.53 Date: Fri, 4 Dec 2015 13:20:52 +0100 From: Julien Cigar To: freebsd-questions@freebsd.org Subject: redundant firewall Message-ID: <20151204122052.GH13477@mordor.lan> X-ASG-Orig-Subj: redundant firewall MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mtfogggI1YmpIpmy" Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-Barracuda-Connect: 77.109.103.53.adsl.dyn.edpnet.net[77.109.103.53] X-Barracuda-Start-Time: 1449231652 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://212.71.1.222:443/cgi-mod/mark.cgi X-Barracuda-Scan-Msg-Size: 638 X-Virus-Scanned: by bsmtpd at edpnet.be X-Barracuda-Malware-Scanned: by bsmtpd at edpnet.be X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests= X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.24966 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2015 02:20:24 -0000 --mtfogggI1YmpIpmy Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, I bought 2 Soekris 6501 in order to setup a redundant firewall (with Freebsd 10, CARP, and PF).=20 Let's say I don't need remote access to each individual boxes from the=20 WAN side, I wondered if it's really necessary to bind "real" IPs to=20 each interface involved in the CARP alias? I'm asking this because I don't have enough public IPs... Thanks! Julien --=20 Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. --mtfogggI1YmpIpmy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCgAGBQJWYYUgAAoJEAi2KiTKQR5p1wgP/iiEBKBWeDZUHVNmMSr/7XxO CtPIRxnxEby+ts7OeQoESzk4wlqdocJ5BNSx2CANZ6rncG+RuZulbz0BfIkVSW/n G3gHsLeXHGF4YtnzgjwHtK5swOFpyaPl2ztLO7ivsVnCvF7Z7fdtJCKQvn4q9Vf8 X9E5xy/eujJvCHYIyOB+aXEW4RSjgFRJZX4J5COml0AZ3wixUeRpC5aMyaN7R82i +DeXwr3xElbOY7zZ9fNzh2veefJeGMO/K1NWb/uon0o8swjfdUS3Ol5Uy/o14ojL FVo11uLmrknNRlxxClaOG4BfJA15lhJrS/R5PebyqmiunPNVIJNsiR4e6FearPfI 6sXI4sYMrXQQ/SkBUBZatyh1Rq4cQxWeGJZT/JcARJu9tDwCs/OV0bg3khZCz2PQ O/tpRTDbhHQm1+mK52761y7lOlr5WQu/WJGUh7jrM34YdUy9UCL6WqI9z4vKr/La TtKbP51Hl8yXQxhvBBspyMlZ/B/kgqruTDlA4RXyjoKT8kxPUnO+xayaxi5OHAqZ 1VFG09Eeta6Aoj+aQ02vxGJgDHi0ga5dhNBJTE9fVSmi55llH4D8M3LM478qjTvb XttKHukkuak2qrmZsO0Bgax2m9nLRo+Fi61ZNePsm12PIHzsr9cbqmoxsO5vecJW +F7iZrSsvbWDL9h+73lj =zlHe -----END PGP SIGNATURE----- --mtfogggI1YmpIpmy--