NAT not working on 2 x XG-7100's in HA
-
Hi folks, i'm trying to setup some XG-7100's in HA, and have pretty much got everything working, but the final step (and most important)...internet access :)
Both XG-7100's have PFSync & XMLRPC sync working fine, and CARP status is showing my master and backup accordingly.
I followed the guide and i've enabled "Manual Outbound NAT" and then set the NAT address to be the CARP VIP for the subnet i'm working on.
The WAN interfaces are connected to the internet using a small dumb D-Link Switch (DGS-1005A) as are the LAN interfaces too. Afaik these switches shouldn't be doing anything to mess around with the CARP communication.
On a laptop which is connected to the LAN switch, when i try pinging 1.1.1.1 it fails. But if i go to the LAN NAT rule and change it to "WAN Address", it pings fine.
Also when i try doing a DNS lookup, when the NAT address is set to WAN address or the CARP VIP, it fails. My DNS server is the CARP VIP. But if i change my DNS server to the address of one of the XG-7100's, it will resolve fine (Not matter what the NAT address is set to)
Any suggestions? I've read a few posts about the switch is interfering, but i don't think it's the switch.
Thanks
-
ARGH! It's always the same, you think you try everything then you post on a forum, then you go back and read the doco and find what you've done wrong.
For my NAT rule i was setting it to the LAN CARP VIP, not the WAN CARP VIP. As shown in doco and videos. Apologises.
And as for my DNS not working, i had not set the LAN CARP VIP to listen for DNS queries.
Apologises folks. All done