can't reach virtual ip from LAN side
-
Hello,
I'm a begginer in pfsense and I have some issues about virtual IP :I added the following virtual IPs : LAN/WAN
Virtual Ips are of type CARP because I want to implement failover after that.
My issues is I can't reach the virtual Ip from LAN side.
strangely I can reach my virtual Ip from pfsense
My virtual Ip from LAN is working.
Anyone know how fix this ?
Thank you
-
@kerzhain said in can't reach virtual ip from LAN side:
CARP
I wonder if its a NAT issue.
Have you disabled Block private networks and loopback addresses on the WAN interface ?
-
-
-
https://www.netgate.com/docs/pfsense/book/highavailability/example-redundant-configuration.html
Check the following section:-
Configure Outbound NAT for CARP
-
-
@nogbadthebad Thanks for the link , I try to reproduce these recommandations.
-
You do not need outbound NAT on LAN at all. That is just silly.
You should be able to ping both interface addresses and the CARP VIP of the connected subnet if the rules on that interface allow it.
If you can ping the interface addresses but not the CARP VIP, check the ARP table of the device you are testing from to be sure it has all three ARP entries. The interface addresses should have the interface MAC address. The CARP VIP should have the CARP MAC.
If that is all in place, be sure the switch connecting everything has the CARP MAC in its MAC address table. It should be on the switch port that is currently connected to the CARP MASTER node.