pfSense failover… getting started
-
No, that is not possible exactly as you have it.
For proper CARP, you need three static IPs on WAN in the same subnet. However, if you were able to get those three IPs, the CARP VIP's MAC address would be constant for both machines so a portal bypass may still work for that.
Alternately, you could put a cheap SOHO-type router in front to do NAT and have your WAN static IPs be on the LAN side of the cheap router, but that just moves your single point of failure around; you wouldn't have true redundancy.
-
I'm confused why I would need three. I can see two, but where does the third one go? Also, I would like to host a web server behind them; what IP do I submit with my domain name for DNS records?
-
It's well documented in the wiki and book: each machine needs its own IP address, and then they need one to share as the CARP address.
-
Ah. Okay. That's the IP for DNS records… yes? And maybe a newb question, but where's the wiki? I looked over the forum home page quickly and couldn't find it.
-
It's linked in my signature. :)
-
Hey! Lookie there! Thanks!
-
I've only glanced through the wiki just now, so if you say it exists, I'll go find how to do it, but is it possible to load balance incoming and outgoing traffic through two pfSense boxes? Or is that only available for fail-over?
-
CARP is only for failover.
-
Okay. Is it possible through other means? Then I can direct my questions there.
-
It's not possible to do in any useful way. Why do you need to load balance between two firewalls at the same time?
-
I'm not sure. Just curious what all pfSense, or any router for that matter, can do.