On Fri, Apr 18 2008 at 32:21, G?bri M?t? wrote:
> On Friday 18 April 2008 21.29.18, this was written:
> > On Fri, Apr 18, 2008 at 11:48 AM, Gabri Mati <[EMAIL PROTECTED]> wrote:
> > > This is normal, but is there a way to make the outgoing package to have
> > > the internal CARP device's address as source IP?
> >
> > What would this accomplish? If one of the nginx machines goes down,
> > the TCP sessions won't be able to failover to the other carp peer.
> > I'd prefer to see in my logs which proxy a request came from so I can
> > better diagnose if a particular machine is misbehaving.
>
> You're right, but we need the carp'd IP for statistics on the web servers. If
> one of the machines goes down then the user just has to hit the refresh
> button and she has access to the content again.
>

Did you try to NAT the LAN interface with the carp address? It should work for self outgoing traffic too. The problem is, if the connection is issued from the backup firewall you will lose the connection. To bypass this limitation, you can use ifstated and pf tables.

- If the LAN interface is in master mode: add the carp address to the NAT table
- If the LAN interface is in backup mode: remove the carp address from the nat table

Claer
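
A sketch of the ifstated side of the setup described in the reply above, added here as an example and not taken from the thread. The interface name `carp1`, the table name `carp_nat` and the address `192.0.2.10` are assumptions, and a NAT rule in pf.conf that references the `<carp_nat>` table is assumed to exist already.

```conf
# /etc/ifstated.conf (added example; carp1, carp_nat and 192.0.2.10 are
# placeholders for the LAN-side carp interface, the pf table used by the
# NAT rule, and the shared carp address)

init-state auto

# carp1.link.up is true only while this host is MASTER for carp1
lan_master = "carp1.link.up"

state auto {
	if $lan_master
		set-state master
	if ! $lan_master
		set-state backup
}

state master {
	init {
		# This host owns the carp address: allow NAT to use it
		run "pfctl -t carp_nat -T add 192.0.2.10"
	}
	if ! $lan_master
		set-state backup
}

state backup {
	init {
		# Another host owns the address: stop translating to it, so
		# connections opened from here keep a source IP that gets replies
		run "pfctl -t carp_nat -T delete 192.0.2.10"
	}
	if $lan_master
		set-state master
}
```

The current table contents can be checked on each firewall with `pfctl -t carp_nat -T show`; only the master should list the address.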

