Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VIP / CARP Question

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    3
    3.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ambientIT
      last edited by

      Sorry if this is a basic question but I'm getting very confused the more I read and I'm hoping someone can set me straight. Here's what I have going on.

      I have 2 routers setup in a CARP cluster. I went through the http://olddoc.pfsense.org/index.php/Setting_up_CARP_with_pfSense documentation.

      I have 2 servers internaly that I need 1:1 NATed for hosting puropses. My question is about VIP's. From what I know, just to make the CARP cluster work I need 3 public IP's. 1 IP per real interface on the routers and one virtual to share. I have a static pool of 5 IP's on the public side which should be enough. What's the proper way to setup my VIP's and NAT so that the CARP works and I can still 1:1 NAT the other 2? I appreciate any help.

      ~Ryan

      1 Reply Last reply Reply Quote 0
      • J
        jpgator
        last edited by

        I'm not sure if it's the right way, because I'm still fairly new to this myself.  However, I've got a similar setup with half a class c that seems to be working.

        Master FW WAN Interface: Public IP (x.x.x.2)
        Backup FW WAN Interface: Public IP (x.x.x.3)

        Clustered CARP VIP: Public IP (x.x.x.4/25) (make sure the subnet you specify is correct - not single address)

        I have a webserver in my DMZ with the ip 192.168.12.10.  In order to use the CARP VIP for this webserver I have:

        • setup a 1:1 nat mapping the public ip (x.x.x.4) to the private ip (192.168.12.10)
        • setup a rule on the WAN allowing http and https traffic to the private address (the nat has already occurred so don't use public ip)

        This is pretty much it.  I have several other webservers which I'm accessing through additional carp/nat mappings setup the same as above (for each one add carp vip, 1:1 nat, and access rule).

        1 Reply Last reply Reply Quote 0
        • A
          ambientIT
          last edited by

          Ok I've figured out all of my confusion and it is working seamlessly.

          Thanks for the help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post