Could I use CARP if the WAN uses a public IP?



  • Hello,
    Please see the attachment. I want to use a public IP for the CARP WAN IP. I also set a sync IP to sync the backup pfSense server.
    So,
    WAN: xx.xx.91.240
    LAN: 10.168.169.254
    SYNC: 192.168.1.0/24

    Could I set one WAN IP address on two pfSense servers?
    If not, would I need to add an IP-sharing machine in front of pfSense?



  • I'm pretty sure you need three public IPs (same subnet) to use CARP.

    https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)



  • You can use a single public IP, with some restrictions.
    Here are some notes I took, not definitive, but they worked for me.

    Put private IPs on the WAN interfaces of the primary and secondary firewalls.
    I used the public IPs with a 10. for the first octet and the correct subnet mask.
    If it's a /30 you may have to use .1 and .2 or something. It probably doesn't matter.
    Leave the gateway blank for now. Un-check the block private option.

    Make sure you are cabled in correctly; you may want to put the secondary in CARP maintenance mode.

    Add a CARP VIP on the interface with the public IP.

    Add the gateway.

    Add an outbound NAT rule, something like this:
    WAN 'this firewall' * * * (CARP IP) * NO

    Restart dpinger after adding the rule.

    Update interface with gateway.

    Gateway status should show up on primary, but will be down on secondary.

    Add port forwards and outbound NAT as usual, using the public CARP address (not the interface address).

