* Harald Dunkel <[EMAIL PROTECTED]> [2008-08-20 09:43]: > Marco Fretz wrote: >> >> Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp >> can not handle this by its nature I think. Just place the both bridges >> in your LAN and you have your fail-over solution. > > Packet Filter still does stateful inspection, even in bridging mode,
and that is related to carp how? hint: not at all. > AFAIK. So both firewall hosts should be connected via pfsync on a > dedicated interface using a cross-over cable. No need to assign an > IP address, i.e. the firewall bridge is still transparent. and that is related to carp how? hint: not at all. (ok, pfsync tells carp to not take over unless the state tables are synced. but that only makes a difference when one host just boots and is about to take over, and even then you can easily live without) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
