Topics tagged under "ha carp" | Netgate Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

E

NAT 1:1 configuration in HA-CARP mode

NAT
• nat carp ha carp • • empbilly

8

0
Votes

8
Posts

204
Views

E

@SteveITS said in NAT 1:1 configuration in HA-CARP mode:

For your IP alias I think /32 is wrong:

@viragomann said in NAT 1:1 configuration in HA-CARP mode:

So there is something wrong with this IP or the CARP VIP, which you should troubleshoot.
Check the logs for hints.

Hooking up the IP alias on the CARP VIP is necessary for proper failover. If you just set it on the interface it can never failover to the secondary.

Thank you both for your help!!!

I've set up a new carp just for this type of 1:1 NAT situation and I'm doing a port forward.
F

Suricata on Backup PFSense give me alerts

IDS/IPS
• suricata ha carp alerts • • farazb59

7

0
Votes

7
Posts

617
Views

S

@farazb59 The “stream” events ruleset seems to generate a lot of false positives. Consider just turning it off, which is what we do.

Curious how any traffic goes through the secondary, if it hasn’t become master?
J

CARP interfaces work separately

HA/CARP/VIPs
• ha carp • • Jakub_

16

0
Votes

16
Posts

1.1k
Views

D

@jakub_ Yes. The advertisements are sourced from the interface IP address and CARP MAC.

Not sure why you are seen advertisements from both the primary (advskew 0) and secondary (advskew 100) there.