pfSense HA LAN Interfaces Only
-
@iptvcld
Your settings look good and should work this way.
Then I also see a bunch as offline / active on my backup service and online / active on my master
I don't use any DHCP on CARP set ups at this time, so I cannot verify.
However, "offline" means that the machine holding the lease is actually not present in the pfSense ARP table. This seems normal as the machines don't communicate with the backup node in normal usage.
After you try to access the backup from one of the offline machines (e.g. ping its IP) its state should become online. -
@viragomann
Not a problem Sir! Might be normal operation, as right now I just noticed my cell phone showing online/active on both master and backup nodes (same showing). Checked my phone network info and I can see it has a DHCP IP of my backup node. Again, not sure if this is the way it should be working. But I will post a new thread if I cannot find anything on other forums as well.
-
@iptvcld
I think the important part is the lease state. Both nodes must be aware of all active DHCP leases, so that used IPs cannot be assigned a second time by the other machine. And that's the case as you mentioned.
Then it doesn't matter which node has issued the lease. -
-
@iptvcld
Out of curiosity, which devices belong to your NOT subnet? -
@viragomann
That is my Network of Things VLAN, on which I have smart switch devices such as Tasmota bulbs/switches that I don't want to reach out to the internet or other devices on my LAN. They are all internally controlled/accessed devices. -
@iptvcld said in pfSense HA LAN Interfaces Only:
That is my Network of Things VLAN, on which I have smart switch devices such as Tasmota bulbs/switches that I don't want to reach out to the internet or other devices on my LAN.
Ahh. I don't have such devices in my network. All I have want to access at least the internet.
-
@viragomann
For that I have the Internet of Things VLAN, on which those devices have internet access but cannot talk to other VLANs/networks on my LAN (inter-chatter) -
@iptvcld
Yes, I have an IOT subnet as well. On this only access to non-RFC1918 is allowed. -
@viragomann said in pfSense HA LAN Interfaces Only:
non-RFC1918
I have this - I guess pretty much the same; IOT can talk to each other on the same VLAN but cannot chat to others outside of IOT, including the firewall itself
-
@iptvcld
I use an RFC1918 alias on pfSense which simply includes all private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
So I'm still safe when I add or change a subnet, without the need to modify the alias. -
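
Added example, not part of the original posts and not pfSense code: a small Python model of the point above, comparing an "allow only non-RFC1918" rule with a rule set that blocks each local subnet by name. The `KNOWN_SUBNETS` list and the test addresses are constructed for illustration.

```python
import ipaddress

# The three private ranges named in the post (the RFC1918 alias).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed: local subnets that existed when the per-subnet rules were
# written. A VLAN added later (10.50.0.0/24 below) is not in this list.
KNOWN_SUBNETS = [ipaddress.ip_network(n)
                 for n in ("192.168.1.0/24", "192.168.20.0/24")]


def in_any(dst, networks):
    """True if the destination address falls inside any listed network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in networks)


def alias_policy(dst):
    """IoT rule as described: traffic passes only to non-RFC1918 targets."""
    return "block" if in_any(dst, RFC1918) else "pass"


def per_subnet_policy(dst):
    """Alternative: block each known local subnet, pass everything else."""
    return "block" if in_any(dst, KNOWN_SUBNETS) else "pass"


def compare(dst):
    """Return (alias decision, per-subnet decision) for one destination."""
    return alias_policy(dst), per_subnet_policy(dst)


if __name__ == "__main__":
    for dst in ("192.168.1.5",   # host on a known LAN subnet
                "10.50.0.10",    # host on a VLAN added after the rules
                "172.31.255.1",  # last /16 inside 172.16.0.0/12
                "172.32.0.1",    # just outside 172.16.0.0/12, public
                "1.1.1.1"):      # public internet address
        print(dst, compare(dst))
```

The three ranges are IPv4 only, so IPv6 destinations are outside what this alias matches.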
@viragomann
This makes sense! -
@viragomann
I was able to locate a video as per below that advises that both Master and backup nodes will share the DHCP lease information and also both hand out IPs.
YouTube link at the section he talks about that:
https://youtu.be/Ac6U4xMFaxY?t=2423 -
@iptvcld
Interesting. Didn't know that. Was assuming only the master is handing out DHCP leases and only the lease state is synced to the other node.