Netgate Discussion Forum

    HA with single WAN IP, hard to find solid info

    • tiwing

      Hi, I've decided to run pf on a VM inside Unraid. I have two Unraid boxes, and want to set up HA for fun and for spousal happiness when one Unraid box goes down, but I only have a single WAN IP (dynamic) from my ISP. I understand that HA requires two IPs, and I read somewhere, wish I could find the link, that a router between the modem and the two HA machines could be used to assign two real IP addresses. I realize this is a single point of failure, but I'm OK with it - my house is not mission critical.

      Assuming my logic is sound - would I simply disable the firewall on the router in front of pfSense boxes, and keep DHCP running (but set up static assignments)? Anything else that I should turn off? I'm using an Asus RT-N12 I had lying around for this - don't need much power in it and my internet speed is less than 100 Mbps and will be for the foreseeable future. ASUS router would have the address 10.0.13.1, DHCP assignment to the two pfSense boxes would be 10.0.13.2 and 10.0.13.3. pfSense assigns in the 192.168.13.x and 192.168.14.x ranges.

      I'm good with the sync interfaces running through dedicated NICs on each box through a dedicated physical switch - it's the access to internet that's messed with my mind a bit.

      Thoughts, please?

      cheers.

      • tiwing

        8e50e883-f8b0-4a87-8fc9-a223d3cb9260-image.png

        Drew a pic to see if I got it OK... ??

        Also found this guide: https://www.slideshare.net/NetgateUSA/high-availability-pfsense-hangout-june-2015 Is it still valid?

        I have identical 4-port Intel NICs with all ports passed through to the VM in each Unraid box - 3 ports for this, plus a 4th for guest on 192.168.14.1 CARP that I didn't draw for guest network access point(s).

        • tiwing

          Figured I would update with what I came up with. It works perfectly including immediate fail-over on both LAN and GUEST networks (but OpenVPN does not). I hope this helps someone else with their single WAN setup.

          I should note, the ISP modem and first router is a single point of failure, but the router is basically doing nothing except DMZ to the WAN CARP, so not really concerned. It's accessible through its own wifi for if/when I need to get in.

          28819cde-4f6c-4702-b18b-46a5bfaaad89-image.png

          • Sinistercalling

            Any way you would consider making a video tutorial of how you got this to work? Trying to achieve the same thing but video guide exists for those of us with a single dynamically assigned IP address.
