Netgate Discussion Forum

    Carp w static ip

    HA/CARP/VIPs
    15 Posts 6 Posters 10.0k Views
    • Derelict (LAYER 8, Netgate)

      That could be an issue.

      I don't know what would happen if you:

      Create a gateway manually with the IP address given by your ISP.  Mark it as a default gateway.

      Set no gateway on your WAN interfaces.

      Create the CARP VIP as an IP Alias on the correct subnet as provided by your ISP.  This should encompass the Gateway IP.

      Make sure all your outbound NAT uses the CARP VIP.

      I just tried this (without a failover pair) and it seems to work.  This "breaks" a lot of pfSense automation.  Like there are no longer any Automatic Outbound NAT rules generated.  But that's OK because you'd have to modify all of them to use the CARP VIP anyway.

      This is very interesting. ETA: Screenshots.  pfSense C on my signature diagram.

      [Screenshots: carp-gateway.png, carp-wan.png, carp-vip.png, carp-nat.png]

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • dotdash

        I was playing around with a test box and was able to do the following:

        1. Put a private IP on the WAN interface, left gateway empty.
        2. Create a CARP VIP on the WAN with a public IP.
        3. Go back to WAN interface, add gateway, put in public gateway IP.
        4. Turned on AON, set CARP IP as outbound NAT.
          I've yet to put this on a live segment and test failover, but it looks promising.
        • viragomann

          We have here 3 public subnets, 2 /29 + 1 /28, so we waste 6 IPs just for CARP and that is truly bitter.
          However, we use just 1 WAN gateway.

          After upgrading to 2.2 I tried to assign all IP Aliases to the CARP VIP which belongs to the subnet of the only WAN gateway and delete the two WAN VIPs I had just assigned for CARP before, but pfSense didn't let me do that. It tells me the VIPs would still be in use.

          Any suggestion what I can do to release at least the 4 IPs of the additional subnets?

          • Derelict (LAYER 8, Netgate)

            You might have to be more specific.  I had no trouble creating this…

            [Screenshot: carp-ipalias.png]

            • MikeLiu

              @dotdash:

              I was playing around with a test box and was able to do the following:

              1. Put a private IP on the WAN interface, left gateway empty.
              2. Create a CARP VIP on the WAN with a public IP.
              3. Go back to WAN interface, add gateway, put in public gateway IP.
              4. Turned on AON, set CARP IP as outbound NAT.
                I've yet to put this on a live segment and test failover, but it looks promising.

              I have tried the steps listed above and succeeded.
              But I cannot let an outside client browse my internal web server.
              Please tell me how to set up NAT (port forwarding), thanks!

              • dotdash

                Just like on any CARP setup, you need to select the CARP VIP as 'Destination' in the port-forward.

                • MikeLiu

                  @dotdash:

                  Just like on any CARP setup, you need to select the CARP VIP as 'Destination' in the port-forward.

                  Thanks for your reply.

                  I have tested it using the CARP VIP as 'Destination' in the port-forward and it works.
                  But there is a strange thing with the Dest. port setting, brief description as below:

                  1. When I use port 80 (HTTP) as Dest. port and NAT port 80, the client still cannot browse my web server.
                  2. If I use another port (like 9999) as Dest. port and NAT port 80, the client will get the current page content.

                  Is there anything more I need to set up?

                  • dotdash

                    Make sure the webconfigurator is not listening on http. (system, advanced, admin access)

                    • MikeLiu

                      I found it's an IP problem.

                      It works well when I use a real public IP rather than a private IP (which I used for testing).
                      When I use a private IP as the WAN IP, it doesn't work, even though I unchecked the "Block private networks" option.

                      Thanks again!
