Netgate Discussion Forum

    How do I use this NAT?

    Category: HA/CARP/VIPs
    36 Posts, 3 Posters, 3.1k Views
    akong77:

      So, if I have two web servers and use port 80, could I use HA CARP?

    akong77:

      So, if I want to build a CARP service, it must use three IP addresses, and two of the IP addresses are not used for any service. Is that right?

    viragomann:

      Yes, that's the way it's recommended to set up CARP.
      However, there are also ways to set up CARP with three private IPs and hook up the public IPs on the CARP VIP, with some drawbacks.
      E.g. you will have to set up a second default route over the master for the backup to reach the internet and draw updates.

      Another way to use two webservers is to run HAProxy on pfSense and let it do the spreading.

    akong77:

      If I have three WAN IPs:
      the IPs are 1.2.3.4~1.2.3.6 and the gateway is 1.2.3.254.
      I want to use 192.168.13.2~192.168.13.4, these private IPs, to set it up.
      Could you tell me how to do it?
      Thanks a lot.

    viragomann:

      So far I have only set up something like that for a second WAN, where the backup WAN connection was provided by the first WAN.

              This may look like this:
              pfSense 1: 192.168.13.2
              pfSense 2: 192.168.13.3
              CARP VIP: 192.168.13.4

      Then go to Firewall > Virtual IPs and add 1.2.3.4 to the WAN CARP VIP as "IP alias". Set the correct mask (/24, I guess). Do the same with your other public IPs.
              Go to System > Routing > Gateways and add 1.2.3.254 as a gateway to WAN and set it as default.
              Go to Firewall > NAT > Outbound, switch to manual mode and edit the rules for your internal subnets and for pfSense itself to translate outbound packets to one of your public IPs, e.g. the CARP VIP.

              Now your WAN interface should work in CARP mode and your public addresses should be reachable from the internet. However, the backup will not be able to draw updates.

    akong77:

      So, I should set 192.168.13.2 on the pfSense 1 WAN interface and 192.168.13.3 on the pfSense 2 WAN interface.
      Then I set 192.168.13.4 in Firewall > Virtual IPs > CARP.
      And 1.2.3.4 is set in Firewall > Virtual IPs > IP Aliases. Is that correct?

    viragomann:

                  Yes, for 1.2.3.4 and all other public IPs select type "IP Alias" and at interface select "192.168.13.4", which is the CARP VIP.

    akong77:

      Hello,
      thank you for teaching us.
      I want to know two things.
      On the WAN interface I have set 192.168.13.2. The upstream gateway should be set to none. Is that correct?
      For outbound NAT, the NAT address should use a public IP address, e.g. 1.2.3.4. Is that correct?

    Derelict (Netgate):

                      If it is a WAN and you want it to act like a WAN you should set the upstream gateway on the interface.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

    akong77 (replying to @viragomann):

      @viragomann
      On the WAN interface I have set 192.168.13.2. The upstream gateway should be set to none. Is that correct?
      For outbound NAT, the NAT address should use a public IP address, e.g. 1.2.3.4. Is that correct?

    akong77 (replying to @Derelict):

      @Derelict
      Thanks a lot.
      Because I will set a private IP on WAN, I need to understand this setup. Thanks a lot.

    viragomann (replying to @akong77):

      @akong77
      As @Derelict already mentioned, if it is the WAN interface facing your upstream gateway, you should state the gateway here (1.2.3.254).

      Yes, the outbound NAT's translation address has to be one of your public IPs, like 1.2.3.4.

    akong77 (replying to @viragomann):

      @Derelict @viragomann Thanks, all friends.
      But it can't monitor the internet IP status if I set a private IP on WAN, right?
      I want to know: if I use multi-WAN with CARP, what do I need to know?

    viragomann:

      You can configure the gateway monitoring to use an alternative (public) IP.
      Edit the gateway settings in System > Routing > Gateways and enter a public IP which responds to ICMP into the "Monitor IP" box.

    akong77 (replying to @viragomann):

      @viragomann I have used an alternative (public) IP like 1.1.1.1 to monitor. I also tested with Diagnostics > Ping to test WAN. It can ping 1.1.1.1. But it always shows offline. How do I set the monitor IP to use ICMP?

    Derelict (Netgate):

                                    Monitor pings every half-second by default. This is an ICMP echo request looking for an echo reply. Not sure what you're asking.


    akong77:

      My WAN is set to a private IP, 192.168.15.2/24, and the gateway is set to 61.220.69.254. This gateway IP is real. And I can ping anywhere. But the monitor always shows offline.

    Derelict (Netgate):

                                        Then pings to the monitor IP address are not being returned.


    akong77 (replying to @Derelict):

      @Derelict So if I use a private IP on the WAN interface, the monitor showing offline is normal?

    Derelict (Netgate):

                                            Yes. That is why you need three routable IP addresses to do HA correctly. Else only the node that holds the CARP address can access the internet.

                                            If it is worth HA it is worth doing correctly.


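The address plan viragomann described (private node addresses, public IPs as aliases on the CARP VIP, outbound NAT to a public IP) and Derelict's conclusion (a node with a private WAN address only has internet while it is CARP master, so its gateway monitor shows offline) can be captured as a small pre-flight check. This is an added example, not code from the thread or from pfSense; the function name, its parameters and the pass/fail rules are my own, and the addresses come from the thread.

```python
import ipaddress

def check_ha_wan_plan(node_wan_ips, carp_vip, public_aliases, wan_gateway,
                      nat_translation, aliases_on_carp_vip=True):
    """Return findings (empty list = fine) for a two-node HA WAN address plan.

    Rules taken from the thread: nodes and the CARP VIP share one subnet, public
    IPs are aliases on the CARP VIP, the gateway sits in a subnet the cluster owns,
    outbound NAT translates to a public IP, and a node with a private WAN address
    has internet only while it is CARP master (its gateway monitor shows offline).
    """
    findings = []
    nodes = [ipaddress.ip_interface(n) for n in node_wan_ips]
    vip = ipaddress.ip_interface(carp_vip)
    gw = ipaddress.ip_address(wan_gateway)
    aliases = [ipaddress.ip_interface(a) for a in public_aliases]

    # Node addresses and the CARP VIP must be in the same L2 subnet.
    for n in nodes:
        if n.network != vip.network:
            findings.append(f"{n} is not in the CARP VIP subnet {vip.network}")

    # The gateway must live in a subnet the firewall owns (VIP or an alias).
    owned_nets = {vip.network} | {a.network for a in aliases}
    if not any(gw in net for net in owned_nets):
        findings.append(f"gateway {gw} is not in any owned WAN subnet")

    # Aliases bound to the WAN interface instead of the CARP VIP stay with the
    # node on failover; the thread attaches them to the CARP VIP.
    if aliases and not aliases_on_carp_vip:
        findings.append("public IP aliases are not bound to the CARP VIP")

    # Outbound NAT must translate to a routable address the cluster owns.
    public_pool = {a.ip for a in aliases}
    if vip.ip.is_global:
        public_pool.add(vip.ip)
    if ipaddress.ip_address(nat_translation) not in public_pool:
        findings.append(f"NAT translation {nat_translation} is not a public IP")

    # A private node address has no return path of its own (Derelict's point).
    for n in nodes:
        if n.ip.is_private:
            findings.append(f"{n.ip} is private: internet only while CARP master "
                            "(gateway monitor offline, no updates as backup)")
    return findings

if __name__ == "__main__":  # addresses from the thread
    for f in check_ha_wan_plan(["192.168.13.2/24", "192.168.13.3/24"], "192.168.13.4/24",
                               ["1.2.3.4/24", "1.2.3.5/24", "1.2.3.6/24"], "1.2.3.254", "1.2.3.4"):
        print(f)
```

Running it on the thread's plan reports only the two private-node findings; a plan with three routable IPs (two node addresses plus the CARP VIP in the public subnet) returns no findings.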
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.