The problem with not working the gateway

Reply to The problem with not working the gateway on Mon, 24 Jun 2019 13:23:46 GMT

johnpoz — Mon, 24 Jun 2019 13:23:46 GMT

Your saying stuff behind pfsense doesn't have internet.. Just at a loss to why your vip would be .6? Whenever you setup a carp or hsrp or anything where there is a vip that is moved between 2 devices.. It is almost always in sequence with the actual physical IPs

.1
.2
.3 would normally be the vip..

.252
.253
.254 would be the vip

etc..

Where did you come up with .6????

and .1 and 3 for your physical???

So if your traffic comes in from some other path and not through the cluster, and your trying to use the cluster as your gateway for the webserver - then again NO shit its not going to work..

What I would suggest you do is get 1 pfsense working... Then graduate to a HA setup.. If your going to use some other path to and from internet or other networks, then this path needs to be connected via a transit network off your pfsense box..

Again I suggest you DRAW!!! your network so we are all clear how you have everything connected..

You understand for port forwards to work you would need them to point to the wan carp VIP!! this looks like you have your pf1 and 2 in line with each other? Traffic hits your wan carp vip, and would be forwarded to your webserver IP.

dns load balancer >> pf1 - pf2 >> webservers

Reply to The problem with not working the gateway on Mon, 24 Jun 2019 06:57:03 GMT

Mnnn — Mon, 24 Jun 2019 06:57:03 GMT

I will try explain better than before thanks for your answer I have a pfsense firewall that it was cluster and behind firewall there are some of web servers when I want use this cluster I use virtual IP pfsense such as web servers gateway and after those I don't have internet ping and internet firewall if I use gateway that I use before the cluster doesn't work because this is one of the firewalls
Ip lan pfsense1 172.16.120.1
Ip lan pfsense2 172.16.120.3
Virtual ip lan 172.16.120.6(if should have other range plz tell me )
all rule s are sync and master and back up doesn't work properly big problem is that web servers traffic don't sent out right now thanks
For this I use dns load balancer
dns load balancer >> pf1 - pf2 >> webservers

Reply to The problem with not working the gateway on Sun, 23 Jun 2019 18:13:10 GMT

johnpoz — Sun, 23 Jun 2019 18:13:10 GMT

If the webserver is on your lan then its gateway would be the lan carp vip... If you have to ask such a question then you shouldn't be even touching this stuff..

How would a devices gateway be an IP on a different network???

Maybe you should ask your question in your native language section?

Your wording doesn't make a lot of sense. If you have a webserver on your lan.. How would your lan gateway IP be 192.168.1.254 if your lan for pfsense is 172.16.120..

How about you draw a picture of how you have this setup!! I gave you a link to how you would setup a carp... Are you asking about something on your wan or internet accessing your webserver via a port forward?

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 23:13:42 GMT

Mnnn — Sat, 22 Jun 2019 23:13:42 GMT

For example, would i have a web server
ip gateway web server = virtual ip wan
or
Ip gateway webserver = virtual ip lan
Thanks

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 22:54:04 GMT

johnpoz — Sat, 22 Jun 2019 22:54:04 GMT

Read what you wrote - how is someone suppose to understand that?

I have been doing networking for since before there was networks ;) And its gibberish!

Are you asking what the clients should use for their gateway when you setup a HA pair in pfsense?
https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html

They would use the carp vip... Normally this would be .3 where pf1 would be .1 and pf2 would be .2 in your ha pair. on the network of your lan... Seems you have some other machine trying to use what would normally be the one of the pf IPs..

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 21:13:54 GMT

Mnnn — Sat, 22 Jun 2019 21:13:54 GMT

I have multiple servers behind pfsense
And pfsense cluster
What kind of ip should I use for pfsense machine gates to get traffic from one another if one of the firewalls gets out?

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 21:06:11 GMT

johnpoz — Sat, 22 Jun 2019 21:06:11 GMT

you wouldn't use a vip in a gateway.. A vip is just that a vip, Used to run multiple IPs on an interface, say for a port forward when you have more than one public IP, etc.

Not sure what your trying to do.. Just that 10.10.10.1 is what pfsense blocker uses and could conflict with whatever you think your trying to accomplish. which you have not stated.

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 21:03:47 GMT

Mnnn — Sat, 22 Jun 2019 21:03:47 GMT

When I change the virtual ip
For example 172.16.1.100
And put it as the gateway , way traffic will not go out again
For Gateway Servers, do I use Virtual IP lan Address or Virtual IP wan Address?

Reply to The problem with not working the gateway on Sat, 22 Jun 2019 20:35:18 GMT

johnpoz — Sat, 22 Jun 2019 20:35:18 GMT

are you running pfblocker? that 10.10.10.1 vip is what pfbocker uses so that could be causing you some grief.