Re: two ip with carp

Mon, 06 Mar 2017 06:47:50 -0800 

Just create carp3 and configure it the same way as carp0, except for the
password.
No aliases what so ever. Later in pf.conf do a nat-to from dnz to carp3.

fw1# ifconfig trunk0
trunk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:f9:74:b0
        index 7 priority 0 llprio 3
        trunk: trunkproto lacp
        trunk id: [(8000,00:25:90:f9:74:b0,403C,0000,0000),
                 (0001,1c:aa:07:01:9b:80,0001,0000,0000)]
                trunkport ix3 active,collecting,distributing
                trunkport ix0 active,collecting,distributing
        groups: trunk egress
        media: Ethernet autoselect
        status: active
        inet 155.4.x.121 netmask 0xffffff80 broadcast 155.4.x.127

fw1# ifconfig carp165
carp165: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:a5
        description: VIP65
        index 53 priority 15 llprio 3
        carp: MASTER carpdev trunk0 vhid 165 advbase 1 advskew 0
        groups: carp
        status: master
        inet 155.4.x.65 netmask 0xffffff80 broadcast 155.4.x.127

fw1# ifconfig carp167
carp167: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:a7
        description: VIP67
        index 75 priority 15 llprio 3
        carp: MASTER carpdev trunk0 vhid 167 advbase 1 advskew 0
        groups: carp
        status: master
        inet 155.4.x.67 netmask 0xffffff80 broadcast 155.4.x.127

fw1# cat /etc/hostname.carp165
inet 155.4.x.65 255.255.255.128 155.4.x.127 -inet6 vhid 165 advbase 1 advskew
0 carpdev trunk0 pass abc1234 description VIP65

fw1# cat /etc/hostname.carp167
inet 155.4.x.67 255.255.255.128 155.4.x.127 -inet6 vhid 167 advbase 1 advskew
0 carpdev trunk0 pass 1234abc description VIP67



> 27 feb. 2017 kl. 12:07 skrev Frank White <[email protected]>:
>
> hi,
> I have 2 firewall in cluster with carp. The following is my configuration
> (8.x.x.x are examples for wan ip):
> first firewall
> 1) bnx0 8.8.8.7 (internet)
> 2) bge0 192.168.100.2 (lan)
> 3) bnx1 pfsync
> 4) 10.1.1.2 dmz
>
> carp0 8.8.8.8 (internet)
> carp1 192.168.100.1 (gateway for the lan)
> carp2 10.1.1.1 (gateway for the dmz)
>
> now I want add the ip 8.8.8.10 to redirect all traffic from it to the
dmz...
> how should I configure it ?
> I know how to redirect the traffic with pf.. my question concern how to
> configure carp and the nic..
> for example should I create a new carp with ip 8.8.8.10 and an alias for
> the bnx0 with ip 8.8.8.11 ?

Reply via email to