Using pfsense to forward all traffic to another pfsense
-
Hello
Originally I had:
WAN -> Draytek router -> small switch -> PFSENSE 1 -> LAN (high avail)
                                      -> PFSENSE 2 -> LAN (high avail)
I was dual NATing, but it worked fine and I actually preferred having it.
I was forced to remove the Draytek, and now I have:
WAN   -> PFSENSE1 -> LAN (high avail)
empty -> PFSENSE2 -> LAN (high avail)
(I have to manually plug the WAN cable into PFSENSE2 when the PFSENSE1 box fails.)
What I want to have again is a router after the WAN cable and before PFSENSE1/2, so I can have true high availability.
I was thinking of using another pfSense box for the router.
WAN -> PFSENSE ROUTER -> small switch -> PFSENSE1 -> LAN (high avail)
                                      -> PFSENSE2 -> LAN (high avail)
I tried the method above, and everything worked except dual NATing. I could not open ports from PFSENSE ROUTER -> PFSENSE1 -> LAN client.
What's the best way to go about this?
I also need PFSENSE ROUTER to preserve the manual outbound static ports defined on PFSENSE1 for VoIP calls to work.
-
Why don't you connect the switch to WAN directly? If you do so you can drop out one point of failure.
-
Why don't you connect the switch to WAN directly? If you do so you can drop out one point of failure.
Because CARP requires 3 addresses and my ISP only provides /30 on their subnet.
-
There is no need for the 3 addresses to be in the same subnet since version 2.2. You may set the interface addresses to a private subnet.
However, this solution prevents the backup box from accessing the internet and getting updates, because this requires the unique public IP, which is occupied by the master. I don't know if there is a workaround for that; otherwise you will have to switch the master box into "CARP maintenance mode" for updates.
However, fail-over would happen automatically, so for me this would be the better solution.
-
The inside boxes are running 2.1.5.
Either way, I am looking for the best way to pass all traffic from the pfSense router -> pfSense1. Dual NATing or DMZ? How do I make a DMZ? Isn't a DMZ port forwarding of all traffic instead of just one port?
Because my previous test of dual NATing a single port failed, and I am wondering what could possibly be happening, or if there is something I don't know about.
Dual NATing worked well with Draytek -> pfSense1.
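The two things the thread is asking about (a port forward that has to survive two NAT layers, and outbound NAT that keeps the source port for VoIP) are easier to reason about in the pf ruleset pfSense generates than in the GUI. The fragment below is an added illustration written in FreeBSD pf.conf syntax; it is not a pfSense-generated ruleset and none of the addresses, interface names (em0/em1) or the CARP VIP are from the thread. In the pfSense GUI the rdr lines correspond to Firewall > NAT > Port Forward entries and the nat lines to manual Outbound NAT rules with "Static Port" checked.

```pf
# Added example, not pfSense output. Assumed addressing (all hypothetical):
#   ISP /30:           203.0.113.2 on PFSENSE ROUTER's WAN (em0)
#   transit subnet:    192.168.100.0/24 on PFSENSE ROUTER's inside (em1)
#   PFSENSE1 WAN 192.168.100.11, PFSENSE2 WAN 192.168.100.12
#   CARP VIP shared by PFSENSE1/2 on the transit side: 192.168.100.10
#   LAN behind PFSENSE1/2: 192.168.1.0/24, VoIP phone 192.168.1.50

# --- PFSENSE ROUTER (outer box) ---
ext_if    = "em0"
int_if    = "em1"
transit   = "192.168.100.0/24"
inner_vip = "192.168.100.10"     # target is the CARP VIP, not PFSENSE1's own WAN
                                 # address, so the forward follows a failover

# Option A: single-port double NAT. Only SIP is handed to the inner VIP;
# the inner box needs its own matching rdr to reach the LAN client (below).
rdr pass on $ext_if proto udp from any to ($ext_if) port 5060 -> $inner_vip port 5060

# Option B: "DMZ" style. Every inbound connection to the public IP goes to the
# inner VIP and the inner boxes decide what is open. Use A or B, not both.
# rdr pass on $ext_if from any to ($ext_if) -> $inner_vip

# Outbound NAT with static-port: the source port chosen by the inner box is
# kept, so SIP/RTP registrations that depend on a fixed port still line up.
nat on $ext_if from $transit to any -> ($ext_if) static-port

# --- PFSENSE1 / PFSENSE2 (inner boxes; identical rules, kept in sync by CARP) ---
# Second hop of the port forward: the traffic arrives addressed to the CARP VIP,
# so match on the VIP rather than on the box's own interface address.
# rdr pass on em0 proto udp from any to 192.168.100.10 port 5060 -> 192.168.1.50 port 5060
# Outbound static-port here too, otherwise the outer box preserves a port the
# inner box already randomised.
# nat on em0 from 192.168.1.0/24 to any -> 192.168.100.10 static-port
```

The usual reason a single-port double NAT "fails" in this layout is that one of the two rdr targets points at a box-specific address (PFSENSE1's WAN IP) while the inner pair answers on the CARP VIP, or that the reply leaves through a different outbound mapping than the request came in on; checking the state table (pfctl -ss) on each box while the port is probed shows which hop drops it.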
-
You can enable UPnP and try it out. In most cases it works.
-
I have a similar question: I just want to use both at the same time and have both access each other's LAN (both have the same multiple VLAN interfaces).