Netgate Discussion Forum

    Dual wan + carp feature clarification/request

      Royce3

      I'd like to configure both carp and dual-wan so that I have no single point of failure.

      However, when configuring outbound nat I have to set it to wan1's carp ip for auto-failover to work. Unfortunately it appears this setting would preclude the ability for nat to go out of wan2 in case wan1 goes down. Now, I don't mind losing the auto-failover in case of a router failure (which is probably not going to happen very often), but it sure would be nice to have it and still be able to fail over to the secondary wan if the primary wan goes down.

      Is there some way outbound nat could be made aware of Load Balancer Pools and switch the translation address to the carp ip of the interface that is currently active?

        hoba

        Just add a second outbound NAT rule for the same internal subnets to be translated to your WAN2 CARP IP. The gateway you choose for the traffic at firewall rules determines which interface is used, not the advanced outbound NAT rule. Theoretically you can use it for policy-based routing and/or load balancing too this way. However, I haven't tested load balancing and CARP together yet.

          billm

          @hoba:

          Just add a second outbound NAT rule for the same internal subnets to be translated to your WAN2 CARP IP. The gateway you choose for the traffic at firewall rules determines which interface is used, not the advanced outbound NAT rule. Theoretically you can use it for policy-based routing and/or load balancing too this way. However, I haven't tested load balancing and CARP together yet.

          No reason it shouldn't work.

          –Bill

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette

            jmhoms

            Hi,

            (With pfSense 1.0.1) When I try to set up a wan1 or wan2 CARP address in a load balance pool as gateway, I get the following errors in the system logs:

            kernel: arpresolve: can't allocate route for x.x.x.x
            kernel: arplookup x.x.x.x failed: could not allocate llinfo

            I added a gateway policy in the LAN but the balancer doesn't seem to work … (all the traffic goes out by wan1; if I stop wan1, the traffic doesn't go through wan2, instead I lose connectivity).

            I don't see a MAC in the CARP interfaces, so the error has some logic coming from arp*, but you seem to have working setups with this schema,

            so what do you think?

            Thanks!

              hoba

              http://faq.pfsense.com/index.php?action=artikel&cat=1&id=167&artlang=en&highlight=arp
