Troubles changing Outbound NAT to WAN CARP VIP



  • Hi all,

    Up front, I'm a newb and I'm sure that whatever is wrong has been experienced before and has a simple answer, but I'll be damned if I can find it through my searching.

    Anyways… I'm setting up a pair of XG-1540s (HA) and have been following the instructions (and recorded hangout videos) on how to set up the CARP interfaces when setting up the HA. I've been using this as my guide:

    https://portal.pfsense.org/docs/book/highavailability/example-redundant-configuration.html#figure-ha-sync-rules

    Also, since we have gold access I've been watching some recorded hangout videos and reading more in the official documentation.

    Anyways... I'm at the part where we're instructed to change the outbound NAT address on any of the rules from "WAN address" to the CARP WAN VIP. However, when I do this, I lose internet connectivity. DNS resolution still works but any website I go to says stuff like ERR_NO_RESPONSE or something like that.

    I've retraced my steps, started from scratch and even asked the great Google but I haven't been able to come up with a reasonable explanation as to what is going on.

    I'm wondering what you guys think I should do to troubleshoot this? And what are some of the common things I can look at to figure out what's going on?

    Cheers!


  • Netgate

    In Diagnostics > Ping you can set the CARP VIP as the source address. See if you can ping the ISP gateway or things out on the internet like 8.8.8.8 when doing that.

    You can also use Diagnostics > Test Port to do the same thing. See if you can connect to something like www.google.com on port 443 sourcing from the CARP VIP.

    If either of these fail, outbound NAT using that address will very likely fail too and more investigation will be necessary. Probably packet captures to see what's really going on out on WAN where the ISP device and the CARP VIPs are concerned.
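
The source-pinned port test described in the reply above, written out as an added example (not part of the thread and not Netgate's code). It assumes Python 3 on the machine that holds the address; the function name `check_port_from` and the address `203.0.113.10` are placeholders.

```python
import errno
import socket


def check_port_from(source_ip, host, port, timeout=5.0):
    """TCP connect to host:port with the local side pinned to source_ip.

    Returns "connected", "refused", "timeout", "source_unavailable",
    or "error: <reason>" so the failure mode is visible, not just pass/fail.
    """
    try:
        # Resolve first so a DNS failure is not mistaken for a path failure.
        dest = socket.getaddrinfo(host, port, socket.AF_INET,
                                  socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return f"error: {exc}"

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            # Port 0 lets the OS pick the source port; only the IP is pinned.
            sock.bind((source_ip, 0))
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                # The address is not configured on this machine.
                return "source_unavailable"
            return f"error: {exc}"
        try:
            sock.connect(dest)
        except socket.timeout:
            # SYN left from source_ip but nothing came back in time.
            return "timeout"
        except ConnectionRefusedError:
            # A reset came back, so the return path to source_ip works.
            return "refused"
        except OSError as exc:
            return f"error: {exc}"
        return "connected"


if __name__ == "__main__":
    VIP = "203.0.113.10"  # placeholder: substitute the WAN CARP VIP
    print(check_port_from(VIP, "www.google.com", 443))
```

A "timeout" result means no reply reached the pinned source address, which is the case the reply says calls for packet captures on WAN.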