Failover&High Availability
-
@viragomann
Look please
-
-
@aslanov
So you got a private IP and gateway from your ISP, not a public one as you stated. Maybe you've messed something up with your outbound NAT.
There's a rule needed on the WAN interface for source 127.0.0.0/8, translating packets to the WAN address. Have you deleted that or edited it?
-
The rule is created on the pfSense master. On the pfSense backup it appears automatically.
-
@Pavel88 said in Failover&High Availability:
The rule is created on the pfSense master. On the pfSense backup it appears automatically.
Exactly.
But I wrote, the translation address has to be "WAN address", not something else.
-
@viragomann said in Failover&High Availability:
Exactly.
But I wrote, the translation address has to be "WAN address", not something else.
It did not help.
-
Consider that that rule has to be placed on top of the WAN rules, otherwise your other rules allowing any to any will hit the traffic.
-
@viragomann said in Failover&High Availability:
Consider that that rule has to be placed on top of the WAN rules, otherwise your other rules allowing any to any will hit the traffic.
That's cool! The GW is online, but only if I'm making a rule for any. The GW is online, but CARP does not work. If you disable the master pfSense, the Internet is disconnected.
-
You need both rules if your Outbound NAT is in manual mode. Is it?
However, in the second rule for the source any, the translation address has to be your CARP VIP.
-
@viragomann
In the case of the second rule for any addresses on the CARP VIP, the GW is offline again.