HA CARP + NAT 1 to 1 (Virtual IP) - Packet loss (backup server managing response)
-
Hi everyone,
Strange issue here - we have two PFsense configured with CARP - seems to work perfectly fine.
All our server traffic goes trough the PFSense.
Without NAT rule, everything works fine - master PFSense is handling request and reponse.When we add a NAT rule 1 to 1 to one of our server in the LAN we have a HUGE problem...
- PFSense Master does the "echo"
- PFSense Backup receives the "reply" > we are then loosing 1 packet - it seems to have a cache because other packets are OK.
- It seems that the packet is lost between than WAN and the LAN
You can see the problem here
Master server
Backup server
Thank you for your help
-
Outline exactly what is where, what is pinging what, and what you think is responding erroneously.
Be specific about what IP address is what.
-
Hi,
Didn't you seen the screenshots? Everything is explained. Outgoing traffic was done by the master and incoming (reply from server) was going trough the backup.
Finaly after one week of investigation - we've found the problem.
In the Virtual IP defined (used after in NAT 1..1) we've specified the "WAN" interface instead of the WAN CARP interface
I think it would be a great idea to put this information in the troubleshooting guide.
