can't reach virtual ip from LAN side
-
Hello,
I'm a begginer in pfsense and I have some issues about virtual IP :I added the following virtual IPs : LAN/WAN
Virtual Ips are of type CARP because I want to implement failover after that.
My issues is I can't reach the virtual Ip from LAN side.
strangely I can reach my virtual Ip from pfsense
My virtual Ip from LAN is working.
Anyone know how fix this ?
Thank you
-
@kerzhain said in can't reach virtual ip from LAN side:
CARP
I wonder if its a NAT issue.
Have you disabled Block private networks and loopback addresses on the WAN interface ?
-
Thanks for your answer,
yes it's already disabled in LAN and WAN interface:
from my lan side I can ping all IP except my virtual Ip lan side,
don't know what missing -
As I mentioned I think its a NAT issue.
What does a packet capture on the WAN interface show you when you filter on the 192.168.1.250 address.
Also you could look at the states and filter on 192.168.1.250.
The red arrow points to my WAN address.
-
https://www.netgate.com/docs/pfsense/book/highavailability/example-redundant-configuration.html
Check the following section:-
Configure Outbound NAT for CARP
-
Here is the configuration :
my issue is the connection between my VM and my virtual IP on LAN side.
I have nothing In diagnostics states for my virtual ip ( wan or lan ) :
maybe I need to add new NAT rules, do yo saw something wrong here ? :
DO you think I need to add NAT rules for my virtual IP ?
-
@nogbadthebad Thanks for the link , I try to reproduce these recommandations.
-
You do not need outbound NAT on LAN at all. That is just silly.
You should be able to ping both interface addresses and the CARP VIP of the connected subnet if the rules on that interface allow it.
If you can ping the interface addresses but not the CARP VIP, check the ARP table of the device you are testing from to be sure it has all three ARP entries. The interface addresses should have the interface MAC address. The CARP VIP should have the CARP MAC.
If that is all in place, be sure the switch connecting everything has the CARP MAC in its MAC address table. It should be on the switch port that is currently connected to the CARP MASTER node.
