To add more to the description currently: 1. There isa VIP (Carp/LAN) setup 10.0.0.3 2. Load balancer is configured on LAN 10.0.0.3 3. Everything IS WORKING from my workstation that's vpn'ed in. IE. I can connect to the LB system at 10.0.0.3 from my vpn'ed machine Now I just have to be able to connect to the LB IP from a machine located at say 10.0.0.4.

Interesting. I was thinking of the same thing. But i was just gonna let The Master PFsense connect to one switch with one cable, and the Slave Pfsense connect to the other switch. Isn't carp set up such that if the connectivity of the LAN interface fails(i.ex switch failure), it will make the pfsense-slave take over? The you would just fix the switch, add it back to stack, and promote the original master again? That's how I thought i worked. But I'm asking more than telling you. I haven't bought my equipment for this project yet and ProCurve switches AND pfsense is totally new to me. hehe Please let me know how this turns out for you. I'm interesting in hearing your experiences since this sounds similar to what i'm trying to do.

You can't sync proxy ARP VIPs between CARP nodes, it would cause an IP conflict. If the IPs are in the same subnet as WAN, use CARP VIPs. If they are in a different subnet, have your ISP route the other subnet to your WAN CARP VIP and use the 'other' VIP type. On 2.0 you could also add an IP alias inside the second subnet on both boxes and then setup CARP VIPs for the remaining IPs.

Yep, that's correct.

I have resolved this issue. It appears the comcast modem just needed to be rebooted.

Ok that clarifies things. Thanks for the quick reply

No, it wouldn't have much to do with a sync failure. CARP heartbeats happen on the interfaces where the VIPs reside, i.e. a CARP VIP on WAN sends its heartbeats on WAN. XMLRPC sync happens over the sync interface, it only handles configuration. pfsync only happens over the sync interface, it only synchronizes states (insertions, deletions, etc) So a problem with CARP on WAN is nearly always a problem with the switch or connectivity on WAN.

Virtual-IPs term can be deceiving. Its not like your virtual IPs. Virtual IPs under pfsense are public/real world IPs that you can bind on your WAN interface ~~. Ofcourse if you are using internal virtual IPs then you can bind them as well. But to clear the confusion, think of virtual IPs as real world IPs in your scenario.  :D~~

One word "Bridge"  ;D

32 means just 1 IP. 24 means the whole subnet. Try breaking apart your subnet and use individual definitions.

I have 12 public IPs as virtual IPs using pARP and they have been working since 4 months without any issue at all. pARAP is pretty neat if you ask me.

Click "firewall" then click virtual IPs. Add your second IP there. Dont forget to add rules under NAT if you want to do forwards and stuff.

1. Bitmask settings is very important. Make sure you have the correct bit defined. 2. Try using a different INTERNET connection to access ( aka outside access not access through LAN ) 3. True you have portforward ( inbound rules ) defined but did you also define the outbound rules under NAT?? Please confirm and get back to this thread.

Great. Thanks for clearing this up for me. -Sean

That isn't a gateway in the traditional sense. What you want is manual outbound NAT. Firewall > NAT, Outbound tab. Switch to manual, and then edit rule for LAN2, and choose the .20 IP for the translation address.

For most packages that will work fine. The package settings do not sync in most cases, so for those it will act like two isolated systems.