Netgate Discussion Forum

    CARP/HA working on WAN without any rules on interface

      TheGOP

      Hello, I have a question out of curiosity about CARP.

      I have configured HA on my two pfSense installations and everything works flawlessly, so no problems on this side. However, even without any rules on WAN (so all incoming connections are blocked), CARP seems to communicate on that interface with no problems, probably accepting advertisements on 224.0.0.18.

      Could anyone enlighten this for me? Is this rule for CARP hardcoded?

        jimp Rebel Alliance Developer Netgate

        Yes, the CARP traffic is allowed automatically. It is far too easy for user rules to break CARP unintentionally, and since it is multicast and thus only found in the local L2 segment, it is not a significant risk to allow the traffic. The automatic CARP rules also exempt CARP traffic from NAT.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.