From owner-freebsd-pf@FreeBSD.ORG  Wed Dec 16 19:25:23 2009
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A8C21065695
	for <freebsd-pf@freebsd.org>; Wed, 16 Dec 2009 19:25:23 +0000 (UTC)
	(envelope-from k@kevinkevin.com)
Received: from mail-yw0-f172.google.com (mail-yw0-f172.google.com
	[209.85.211.172])
	by mx1.freebsd.org (Postfix) with ESMTP id 1FF4D8FC0C
	for <freebsd-pf@freebsd.org>; Wed, 16 Dec 2009 19:25:22 +0000 (UTC)
Received: by ywh2 with SMTP id 2so1323190ywh.27
	for <freebsd-pf@freebsd.org>; Wed, 16 Dec 2009 11:25:22 -0800 (PST)
Received: by 10.150.251.41 with SMTP id y41mr2309796ybh.247.1260991522434;
	Wed, 16 Dec 2009 11:25:22 -0800 (PST)
Received: from kevin (not.enough.unixsluts.com [76.10.166.187])
	by mx.google.com with ESMTPS id 9sm531044yxf.5.2009.12.16.11.25.20
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Wed, 16 Dec 2009 11:25:20 -0800 (PST)
From: "Kevin" <k@kevinkevin.com>
To: "'Tom Judge'" <tom@tomjudge.com>
References: <003001ca7cdc$0b530540$21f90fc0$@com>
	<4B2924D4.9010207@tomjudge.com>
In-Reply-To: <4B2924D4.9010207@tomjudge.com>
Date: Wed, 16 Dec 2009 14:25:06 -0500
Message-ID: <005301ca7e85$7a992f10$6fcb8d30$@com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Acp+fJqzUx0FFR5mR7CbU/cqTutczQAB2tUw
Content-Language: en-us
Cc: freebsd-pf@freebsd.org
Subject: RE: PF Transparent Bridge Firewall + CARP
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 19:25:23 -0000



> -----Original Message-----
> From: Tom Judge 
> Sent: Wednesday, December 16, 2009 1:20 PM
> To: Kevin
> Cc: freebsd-pf@freebsd.org
> Subject: Re: PF Transparent Bridge Firewall + CARP
>
>        [router]
>           |
> [------switch 1------]
>   |                |
> [FW1]--{pfsync}--[FW2]
>   |                |
> [------switch 2------]
>           |
>       [clients]


My environment would be better described as the following :

       [router]
          |
[------switch 1 [vlan1]------]
  |                |
[FW1]--{pfsync}--[FW2]
  |                |
[------switch 1 [vlan2]------]
          |
      [clients] 

Also, I'm assumine em2 is a physical interface, which I probably will have
to implement on fw2. Do you forsee problems doing this through vlans instead
of two switches?


Thanks.