Netgate Discussion Forum

    CARP on WAN w/ 2 Static IPs… Need help

    • umuzidan

      I am given two static IPs by my ISP in my data center. Presently I have one pfsense fw set up using both. WanIP1 is used for NAT outbound from LAN1 and WanIP2 is used for NAT outbound from LAN2. I have configured WanIP1 to allow only OpenVPN inbound connections and WanIP2 for HTTP and HTTPS inbound to relayd running on pfsense.

      Reading here: https://doc.pfsense.org/index.php/High_Availability…. I found this "Minimum of three IP addresses per subnet (one for primary, one for secondary, one or more for CARP VIPs) -- This can be avoided on pfSense 2.2, but is still recommended."

      What I'm looking to understand is if it is possible to have another pfsense running in a hot standby mode whereas if pfsense1 crashed, pfsense2 could take over in some fashion.

      Again, at first glance, I see my limitation as only having two static public IPs available, but am curious what the note means from the link above.

      Also, if I had two static IPs available, would I direct web traffic to my new CARP WAN IP and change all my rules on pfsense to use this CARP IP as the destination IP for incoming traffic? Just looking to understand.

      • Derelict LAYER 8 Netgate

        You need three addresses.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
