Netgate Discussion Forum

    HA CARP with one PUBLIC IP, WORKS but no internet on backup pfSense

    HA/CARP/VIPs
    3 Posts 2 Posters 447 Views
    • max33

      Hi,
      I successfully configured an HA cluster of 2 pfSense.

      The HA works: if I shut down pf1, then pf2 takes over and everything works.

      The question is: when both pfSense are on (master and backup), I cannot get internet access on the backup one, which prevents me from upgrading pf2.

      The current setup is that I have a private IP on each pfSense for WAN, plus one for CARP.

      Then I have NAT rules in hybrid mode routing WAN to the virtual IP of CARP, which is the public IP.

      Any ideas?

      • Derelict LAYER 8 Netgate

        With only one routable IP address the only node that can access the internet is the node that holds that address, which is presumably the CARP VIP.

        That is why your configuration is not recommended and is pretty much unsupported.

        Get a /29 to do HA.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • max33

          Understood
          Thanks for taking time to respond.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.