Multiple IPs / CARPs on the LAN Interface

eri--

Try next snapshot it should allow you to do that.
Previously it was not allowed to use ip aliases for carp.

nastraga

ermal,

Thanks for this  ;D

hegar

Thanks, Ermal,

Well, the next didn't but the current does. Many thanks for helping!

Follow-up question:
True or false: I cannot set CARP: 10.1.1.65/27 but must set /24, though the Inet alias has a /27 ??

I'm suspecting this is meant with the CIDR Remark on that page, but this isn't quiet clear to me..  :(

Many thanks,
HP.

jimp

The CARP VIP subnet mask should match the subnet mask of the place it's being used. It's possible that the input validation is checking the interface's subnet mask and not the IP alias' subnet mask.

hegar

It's possible that the input validation is checking the interface's subnet mask and not the IP alias' subnet mask.

… which I consider to be incorrect ...
IMHO the CARP should be in the same subnet as the corresponding ip alias - and this stipulates having the same subnet mask...

Or am I wrong?  ??? ::)

jimp

You are right, the input validation probably needs adjusted.

hegar

:) Thanks Jim!
Last annoyance for today: Should I post this in the Redmine Bug List or is it good enough you know about?

jimp

There was already a ticket for it in redmine, just update that ticket with your new information.

hegar

Wilco, Thanks a lot for your fast help!

Highly appreciated!

eri--

I think that you are using the wrong interface for this.
Please show the steps to reproduce this.

hegar

confused
What do you mean with "wrong interface"? Web instead of CLI? Wrong ethernet port?

Background: Used on i386 (primary) and ALIX2 (backup), I am describing only the i386 setup here.
ok these are my steps:
1. Basic setup CLI:

• Define Interfaces (WAN, LAN, OPT1). OPT1 intended to use for
• WAN IP (static only for now), LAN IP (192.168.254.253/24), Hostname etc.
  2. Setup by Webinterface
• Disable NAT
• Enable private Networks
• Firewall / Virtual IPs / define CARP 192.168.254.1/24 on LAN
• Firewall / Virtual IPs / define IP Alias 10.1.1.93/27 on LAN  <– TYPO CORRECTED 20100903
• Firewall / Virtual IPs / define CARP  10.1.1.65/27 on LAN <- FAIL, only works with /24

How I had planned to continue

• Setup OPT1 with a /30 for pfSync
• Setup WAN CARP
  -  Setup Fw Rules
  etc. etc.

eri--

Your ipalias is the same as you carp vip ip?! Do you expect this to work?

eri--

I found the problem.
Should be ok on latest snaps.

hegar

@ermal:

Your ipalias is the same as you carp vip ip?! Do you expect this to work?

Sorry, there was a typo on the Alias, corrected now.

BTW: I was unable to retrieve the redmine ticket #, so I couldnt update it there. Apologies!

==
I just tried out another possible scenario:
Set up the pfsync AND the /27 subnet on OPT1.
Loosing the (my!!) preference of a dedicated pfsync interface, but this seems to work…