Could be useful…....or not ;-)

  • As there are some hidden firewall rules I was asking myself if it shouldn't be useful to add special ones when using CARP. I'm thinking of NO NAT ones ;-)
    When using CARP I see no reasons that CARP broadcasts (directed to should be nated.
    I "think" it should be useful to hard code a no nat rule per physical interface where a CARP interface is defined. For example :
    no nat from <iface ip="">to

    Am I wrong…..have you an example where natting the VRRP broadcast should be useful ?</iface>