Date: Thu, 19 Jul 2007 15:05:16 -0500 From: David DeSimone <fox@verio.net> To: freebsd-pf@freebsd.org Subject: Re: pf and proxy arp Message-ID: <20070719200515.GA12028@verio.net> In-Reply-To: <469E8445.6080201@uffner.com> References: <469E8445.6080201@uffner.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Uffner <tom@uffner.com> wrote: > > on redundant CARP firewalls where it is not obvious how the shell can > determine the shared MAC address of carpN and presumably only the the > box with the fastest heartbeat should be proxying unless it goes down. The MAC used for CARP interfaces is 00:00:5e:00:01:<vhid>, where the last octet is the vhid for the interface. You should be able to simply configure both firewalls to respond with the virtual MAC for any CARP interfaces. Any ARP clients which ask will receive the same answer. It should not be a problem that both firewalls respond to any arp request since they are serving the same information. - -- David DeSimone == Network Admin == fox@verio.net "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGn8P7FSrKRjX5eCoRAhiaAJ9Wk6xpP72LtevGQ+5/QodTPM42NwCfWjb6 FSAuWEpptwXUUvhq/I2/pWk= =h1bz -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070719200515.GA12028>