Netgate Discussion Forum
    • empbillyE

      NAT 1:1 configuration in HA-CARP mode

      NAT nat carp ha carp
      0 Votes
      8 Posts
      781 Views
      empbillyE

      @SteveITS said in NAT 1:1 configuration in HA-CARP mode:

      For your IP alias I think /32 is wrong:

      @viragomann said in NAT 1:1 configuration in HA-CARP mode:

      So there is something wrong with this IP or the CARP VIP, which you should troubleshoot.
      Check the logs for hints.

      Hooking up the IP alias on the CARP VIP is necessary for proper failover. If you just set it on the interface it can never failover to the secondary.

      Thank you both for your help!!!

      I've set up a new carp just for this type of 1:1 NAT situation and I'm doing a port forward.

    • F

      Suricata on Backup PFSense give me alerts

      IDS/IPS suricata ha carp alerts
      0 Votes
      7 Posts
      1k Views
      S

      @farazb59 The “stream” events ruleset seems to generate a lot of false positives. Consider just turning it off, which is what we do.

      Curious how any traffic goes through the secondary, if it hasn’t become master?

    • Jakub_J

      CARP interfaces work separately

      HA/CARP/VIPs ha carp
      0 Votes
      16 Posts
      2k Views
      DerelictD

      @jakub_ Yes. The advertisements are sourced from the interface IP address and CARP MAC.

      Not sure why you are seeing advertisements from both the primary (advskew 0) and secondary (advskew 100) there.