PF Transparent Bridge Firewall + CARP
kevin
k at kevinkevin.com
Wed Dec 30 07:36:13 UTC 2009
> -----Original Message-----
> From: Tom Judge
> Sent: Wednesday, December 16, 2009 1:20 PM
> To: Kevin
> Cc: freebsd-pf at freebsd.org
> Subject: Re: PF Transparent Bridge Firewall + CARP
>
>            [router]
>               |
>     [------switch 1------]
>        |               |
>      [FW1]--{pfsync}--[FW2]
>        |               |
>     [------switch 2------]
>               |
>           [clients]
I have a really stupid question. If I have a switch with 2 VLANs (one DMZ /
'outside', one internal / 'lan') and two firewalls with transparent bridging
+ PF, filtering all inbound/outbound traffic -- would I even need CARP? Is
CARP overkill?

I'm thinking in a disaster recovery scenario -- if one firewall blows up.
There's no logical master/slave relationship, but wouldn't there be minimal
(if any) downtime?

I'm starting to notice that CARP doesn't play nicely with bridging, nor is
there any carpdev implementation for manually specifying physical interfaces
for the redundancy group -- especially necessary if multiple interfaces are
on the same subnet.

All I want is simple redundancy.

Suggestions / ideas / comments are welcome.