Issue with CARP in DNSBL

KKIT

Thanks for your reply,

I have seen this feature (see attached image) that implies that setting it to "CARP" is for clustered routers, which is the case with my setup.

I basically just wanted to ask for documentation. Do you suggest it should be left on IP Alias?

Thanks again!

CARP_Setting

viragomann

@kkit
This IP is used to direct unwanted destination traffic to it. So it's not indispensable at all.

If you take an IP alias it is assigned to an interface. When clients traffic is directed to it in case of a failover, clients which have already an ARP entry for it will fail to access the IP till the ARP is renewed.
When using a CARP VIP the MAC stays the same after a failover and clients can access it without interrupts.

So yes, you can select CARP VIP here.

KKIT

@viragomann

I understand the basic functionality and that's what I tried to do.
But as mentioned in my main post, after switching to CARP, the DNSBL Service goes down and I can't get it to work. I already followed other posts which suggested a collision with the pfSense GUI port, since DNSBL Web Service is listening http and https.

I don't know what else I can do.

viragomann

@kkit
Did you state a unique VHID and a password?

Something in the system log?

KKIT

@viragomann

Will check in the evening when I'm back and let you know. Thanks much

KKIT

@viragomann

So:
I made sure the pfSense GUIs port is different from the one DNSBL Web Server listens to
I gave the CARP VIP a unique VHID
I checked the system log but nothing major, the last one was "pfblockerng: saving dnsbl changes". No errors and XMLRPC does successfully synchronize everything