Use spare interfaces as a switch

Ozzik

Hi,
I'm building a CARP setup. It involves one main pfSense as a main firewall and two pfSense boxes as redundant routers (routers being the only ones in the CARP setup).
I need to connect both of the routers to the main firewall in order to have a CARP interface, that means I need to go through a switch, but my question is whether this can be bypassed. I mean, if I have two spare interfaces in the firewall box - can I somehow use them as a switch for CARP interface from the routers?

maybe with LAGG interface somehow?

thanks.

GruensFroeschli

~~This would defeat the purpose of CARP….

Of course it would technically work, but then if you have a hardware failure, the backup would fail as well. (Since it's "switched" over the failing machine)~~

Maybe i'm missreading.

Are you talking about such a setup?

pfSense(Firewall)
                      |
                      |
                   Switch
                  /        
                 |           |
pfSense(Router)       pfSense(Router)

eri--

No you cannot since carp does not support this and it runs on the interface where the link connects.

Though its considered a feature because you do not need teh extra hardware.
Really carp does not add that much traffic to the network.

Nobody plans to do this unless someone asks for it through paid development!

Ozzik

Maybe i'm missreading.

Are you talking about such a setup?

pfSense(Firewall)
                      |
                      |
                    Switch
                  /       
                  |          |
pfSense(Router)      pfSense(Router)

yes, exactly. I realize that the firewall would be a single point of failure.
With every cheap router of $50 you usually get a 4-ports switch/hub and I was wondering if there's a way to this with pfSense.

rcfa

Even outside the CARP setup this woult be useful.
My Lanner box e.g. has 6-NICs built-in. I need one for LAN, one for WAN, maybe one for a guest WiFi AP/DMZ.

That leaves me with three unused NICs, which all could be assigned to LAN use. If all four LAN NICs could be on the same IP and act like a switch, I could save one switch in the basement, with all the power and cable mess that would go away with that.

Not a top priority, but certainly a nice-to-have feature, cause right now the extra NICs are just potential homes for spiders (the 8-legged non-electronic kind)

eri--

Bridge?!

Ozzik

ermal,
if so, then what I want is possible? I just need to bridge the two interfaces?