How do I use this NAT?
-
Yes, for 1.2.3.4 and all other public IPs select type "IP Alias" and at interface select "192.168.13.4", which is the CARP VIP.
-
Hello,
Thank you for teaching us.
I want to ask two questions.
I have set the WAN interface to 192.168.13.2. The upstream gateway should be set to none. Is that correct?
For Outbound NAT, the NAT address should be set to a public IP address, e.g. 1.2.3.4. Is that correct?
-
If it is a WAN and you want it to act like a WAN you should set the upstream gateway on the interface.
-
@viragomann
I have set the WAN interface to 192.168.13.2. The upstream gateway should be set to none. Is that correct?
For Outbound NAT, the NAT address should be set to a public IP address, e.g. 1.2.3.4. Is that correct?
-
@Derelict
Thanks a lot.
Because I will set a private IP on the WAN, I need to understand this setup. Thanks a lot.
-
@Derelict @viragomann Thanks, all friends.
But it can't monitor the internet IP status if I set a private IP on the WAN, right?
I want to know about using multi-WAN with CARP. What do I need to know?
-
You can configure the gateway monitoring to use an alternative (public) IP.
Edit the gateway settings in System > Routing > Gateways and enter a public IP which responds to ICMP into the "Monitor IP" box.
-
@viragomann I have used an alternative (public) IP, 1.1.1.1, as the monitor address. I also tested the WAN with diag > ping. It can ping 1.1.1.1. But it always shows offline. How do I set the monitor IP to use ICMP?
-
Monitor pings every half-second by default. This is an ICMP echo request looking for an echo reply. Not sure what you're asking.
-
My WAN is set to the private IP 192.168.15.2/24 and the gateway is set to 61.220.69.254. This gateway IP is the real one. And I can ping anywhere. But the monitor always shows offline.
-
Then pings to the monitor IP address are not being returned.
-
@Derelict So if I use a private IP on the WAN interface, is it normal that the monitor shows offline?
-
Yes. That is why you need three routable IP addresses to do HA correctly. Else only the node that holds the CARP address can access the internet.
If it is worth HA it is worth doing correctly.
-
Hello, I have two WAN interfaces. I have set a private IP on both WAN interfaces. pfSense itself can ping out. I have set a default gateway. But client PCs can only reach the internet through the default gateway. If a client PC's Outbound NAT is set to the non-default gateway, it can't reach the internet. How do I set this up?
-
No idea based on that description. Sorry. Please post more details.
-
Sorry.
WAN1 -- 192.168.15.2/24 and gateway set to 1.2.3.254
WAN1 has five CARP IPs.
WAN2 -- 192.168.20.2/24 and gateway set to 5.6.7.254
WAN2 has five CARP IPs.
LAN1 -- 192.168.0.0/24
LAN2 -- 192.168.10.0/24
Outbound NAT sets LAN1 to a WAN2 CARP IP and LAN2 to a WAN1 CARP IP.
I set the default gateway to WAN2.
Only LAN1 users can reach the internet. LAN2 users can't.
If I set the default gateway to WAN1,
only LAN2 users can reach the internet. LAN1 users can't.
How do I set it up?
-
You do not route traffic with Outbound NAT rules. You route traffic with policy routing rules.
Set your Outbound NAT for all inside source addresses on both WANs to the proper CARP VIP.
Policy routing determines what traffic flows out which interface.
https://docs.netgate.com/pfsense/en/latest/book/multiwan/policy-routing-configuration.html#policy-routing-configuration
-
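The split described in the reply above, sketched in FreeBSD pf.conf syntax as an added illustration that is not part of the original thread: pfSense generates its pf ruleset from the GUI, so this shows the logic rather than a file to load. Interface names and both CARP VIPs are constructed placeholders; the networks and gateways are the ones given in the question.

```pf
# Added illustration, not taken from the thread.
# Assumptions: interface names em0..em3 and both CARP VIPs are placeholders.
wan1_if  = "em0"
wan2_if  = "em1"
lan1_if  = "em2"
lan2_if  = "em3"

lan1_net = "192.168.0.0/24"
lan2_net = "192.168.10.0/24"
wan1_gw  = "1.2.3.254"
wan2_gw  = "5.6.7.254"
wan1_vip = "1.2.3.4"     # placeholder CARP VIP on WAN1
wan2_vip = "5.6.7.4"     # placeholder CARP VIP on WAN2

# Outbound NAT: a nat rule only matches packets already leaving through
# that interface. It never chooses the interface. Covering every inside
# source on both WANs means whichever WAN a packet is routed to, it is
# translated to that WAN's CARP VIP. With NAT for LAN1 defined only on
# WAN2, LAN1 traffic following a WAN1 default route leaves untranslated,
# which matches the "only one LAN works" symptom in the question.
nat on $wan1_if inet from { $lan1_net, $lan2_net } to any -> $wan1_vip
nat on $wan2_if inet from { $lan1_net, $lan2_net } to any -> $wan2_vip

# Traffic between the two LANs follows the normal routing table and
# must match before the policy routing rules below.
pass in quick on $lan1_if inet from $lan1_net to $lan2_net keep state
pass in quick on $lan2_if inet from $lan2_net to $lan1_net keep state

# Policy routing: the gateway set on the LAN firewall rule decides the
# exit interface, independent of the system default gateway.
pass in quick on $lan1_if route-to ($wan2_if $wan2_gw) inet from $lan1_net to any keep state
pass in quick on $lan2_if route-to ($wan1_if $wan1_gw) inet from $lan2_net to any keep state
```

In the GUI terms used in the thread, the two `nat` lines correspond to the Outbound NAT entries and the two `route-to` lines to the Gateway selected on each LAN's firewall rule.
-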
So in addition to setting the Outbound NAT to the CARP IP, also set the Gateway in LAN1 and LAN2's Rules, right?
-
Hello,
I have finished all the WAN and LAN settings and they work. But I have another problem. I set up OpenVPN on it and enabled the "redirect IPv4 gateway" option. But when a client connects to the OpenVPN server, it can't reach the internet. If I turn off "redirect IPv4 gateway", it can reach the internet, but it uses the original IP. I have set the firewall rules on the OpenVPN tab to allow all. Am I missing another setting?