Carp in a /30 wan subnet

falcon · Nov 5, 2007, 11:50 PM

Hello

I brought 2 6 port via machines from linitx.com and ive successfully got our WAN,DMZ,LAN setup working with 1 device.

Im wanting to install a second device in a carp setup in our wan ip range we only have two usable IPs one being used by the ISP as our gateway. we have heaps of ips in our /25 ip range for a second device.

What i was wondering tho is with the wan side of things how do i configure the second device? so that when router1 dies router2 takes over and grabs router1's wan ip address?

Just a brief overview will do, ive seen lots if you have multiple wan ips not nothing on if you only have 1 ip to play with. All traffic to our DMZ subnet is routed to router1's wan ip

falcon · Nov 5, 2007, 11:54 PM

I just found this

http://forum.pfsense.org/index.php/topic,1639.0.html

Is that what I have to do ? what are the implications of setting up your wan subnet not in the subnet you have been given ? will packets still reach for firewall ?

cmb · Nov 6, 2007, 3:31 AM

As the post you linked says, your CARP IP has to be within your WAN IP subnet. You need at least a /29 to use CARP.

This won't be true in a future version with new features of CARP upcoming, but for the next year or so this will be the case.

falcon · Nov 6, 2007, 3:43 AM

Thanks for that

SInce i made that post i have contacted our ISP and they can change our /30 to a /29 free of charge

nexus010 · Nov 6, 2007, 1:59 PM

I have been searching through this forum to try and find a solution similar to the problem above.
My situation is that I have a terminating ip and gateway from my fiber provider on one subnet and a /24 range of Ips on another
I'm using proxy arp for my vip 1to1's and can't use carp because of the same subnet issue.
As a work around could I

Tie the main ip gw to an L2 switch
Give my psfsense one of the ips in the range and use the switches IP for gw
Run my vip 1to1's with carp?

This is a production box so I hate experimenting on my customers.
Any input appreciated.
Cheers

cmb · Nov 7, 2007, 2:12 AM

nexus010: You can't use a switch's IP for a gateway. You could use CARP with your /24, but you'll have to put in a single point of failure router for the /30 so it's pretty pointless since you're trying to achieve redundancy.

You should be able to get your provider to change that /30 to a /29, though you'll probably have to change IP's, and then you can use CARP.

nexus010 · Nov 7, 2007, 3:24 AM

Thanks cmb.
After I posted I was thinking it through during the day and realized it wouldn't work and shifting the terminating ip to the same as the range of ip's I have a might make more sense.
My main focus is being able to run 1 to 1 and Squid.
My experience is showing me that squid is worth running as it improves the experience of my customers.

I have another issue posted as another topic I don't know if you can answer if you happen to glance back.

I have 2 gateways.
2 seperate company's providing. (one is the 10 Mb fiber with the ip allocation)
I'm using one or the other but I'd like to use both.
There is almost no info in the forum about load balancing .

the two gateways are on the same subnet connected by an 8km wireless link.
Can I set them up to load balance?
and can I set them up to failover using a single link ?
I'm sorry about effectivly double posting but I think you might know and I haven't found even the outline of how to set up load balancing.
Once again I'm in your debt
Cheers