NetGear Router can't use Carp
-
Hi, Firstly love pfsense. Currently have multi-wan with 2 routers. One accepts incoming connections and dmz's them to the pfsense box.
Recently added in another gateway so I have gateway-1 and gateway-2 that are used for failover using Carp. This all works really well with one exception.
The Wan carp interface that would accept the incoming connections doesn't seam to work right. If on the netgear router I give it the ip in the DMZ section then it fails to pass the connections on to the gateway.
So DMZ network,
Router: 172.16.0.1
Gateway-1: 172.16.0.2
Gateway-2: 172.16.0.3
Wan-Carp: 172.16.0.244So when the dmz on the router is set to 172.16.0.2 all works well for incoming. If its set to 172.16.0.244 nothing works.
The carp interfaces show as working and master/slave respectively and work well on the two internal lans.
Is this an issue with the router not being able to use the Carp interface, is that possible? or have I messed up the config somewhere?
Any help much appreciated.
-
Right so had a rummage in the log files and worked out what the problem was.
Block Sep 8 15:41:43 WAN xxx.xxx.xx.xx:535 172.16.0.244:80The port-forwarding rules that I had setup in NAT were only allowing connections from the "interface address" ie. the real ip of gateway-1 or gateway-2's Wan interface.
Selected to allow from the wan-carp interface "172.16.0.244" and all is now working well.
Sorry for spamming forum, hopefully someone might find it useful at some point.