CARP on WAN w/ 2 Static IPs… Need help

  • I am given two static IPs by my ISP in my data center. Presently I have one pfsense fw setup using both. WanIP1 used for NAT outbound from LAN1 and WanIP2 used for NAT outbound from LAN2. I have configured WanIP1 to allow only OpenVPN inbound connections and WanIP2 for HTTP and HTTPS inbound to relayd running on pfsense.

    Reading here:…. I found this "Minimum of three IP addresses per subnet (one for primary, one for secondary, one or more for CARP VIPs) -- This can be avoided on pfSense 2.2, but is still recommended."

    What I'm looking to understand is if it is possible to have another pfsense running in a hot standby mode whereas if pfsense1 crashed, pfsense2 could take over in some fashion.

    Again, at first glance, I see my limitation as only having two static public IPs available, but am curious what the note means form the link above.

    Also, if I had two static IPs available, would I direct web traffic to my new CARP WAN IP and change all my rules on pfsense to use this CARP IP as the destination IP for incoming traffic? Just looking to understand.

  • LAYER 8 Netgate

    You need three addresses.

Log in to reply