Netgate Discussion Forum

    Confused about HA setup

      GodAtum

      Going through these tutorials:

      https://youtu.be/-1Og5ogkyZY
      https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html#vmware-esx-users
      http://blog.thedarkwinter.com/2015/03/pfsense-ha-hardwaredevice-failover.html

      They all have slightly different steps!

      My network:

      • External internet IP: 86.xxx.xx.xxx
      • Router: 192.168.2.254
      • PFSENSE1 WAN: 192.168.2.110
      • PFSENSE1 LAN: 192.168.1.2/24
      • PFSENSE2 WAN: 192.168.2.111
      • PFSENSE2 LAN: 192.168.1.3/24
      • WAN CARP VIP: 192.168.2.112/24
      • LAN CARP VIP: 192.168.1.1/24

      Anyway, got sync to work and set up CARP. CARP status on master is MASTER and MASTER. CARP status on backup is MASTER and BACKUP.

      Trying to set up NAT Outbound but doesn't work. The instructions above are confusing, some say set up Hybrid, some Manual. So I did what Tom did and set it to Hybrid and added a mapping:

      • Interface: WAN
      • Source: 192.168.1.0/24
      • Address: 192.168.2.112 (WAN VIP)

      But my PC does not get any internet. Gateway + DNS set to 192.168.1.1

        Justinjja

        How is everything set up physically? Modem/router - switch - 2x pfsense - switch?
        Single dynamic public IP or do you have a static IP range?

          GodAtum

          mcmeekin_network_diagram.png

            Justinjja

            Do you have the "Block private networks" firewall option enabled?

              Derelict LAYER 8 Netgate

              @GodAtum said in Confused about HA setup:

              Trying to set up NAT Outbound but doesn't work.

              Use manual NAT mode for an HA setup. Set the NAT address for all INSIDE sources that actually need NAT to the CARP VIP.

              What does "doesn't work" mean? Do the client hosts get ARP for 192.168.1.1? 192.168.1.2? 192.168.1.3? Can you ping it? Can they resolve DNS names? Can they ping 192.168.2.112?

              Do basic network troubleshooting hop by hop from the clients out and let us know exactly where it is "not working."

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
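
The hop-by-hop check asked for in the reply above, scripted for a LAN client. This is an added example, not part of the original post or any Netgate tooling; it assumes a Linux client with iputils `ping` and `nslookup`, uses the addresses from the first post, and the hop labels, function names and the `example.com` lookup name are made up for illustration.

```shell
#!/bin/sh
# Constructed hop list, ordered from the LAN client outwards.
# Addresses are the ones given in the first post; labels are made up.
HOPS="lan_carp_vip icmp 192.168.1.1
pfsense1_lan icmp 192.168.1.2
pfsense2_lan icmp 192.168.1.3
dns_via_lan_vip dns 192.168.1.1
wan_carp_vip icmp 192.168.2.112
upstream_router icmp 192.168.2.254
internet icmp 8.8.8.8"

# probe KIND TARGET: real probe for a Linux client (assumption:
# iputils ping, where -W is a timeout in seconds, and nslookup).
probe() {
    case "$1" in
        icmp) ping -c 1 -W 2 "$2" >/dev/null 2>&1 ;;
        dns)  nslookup example.com "$2" >/dev/null 2>&1 ;;
        *)    return 2 ;;
    esac
}

# first_failing_hop PROBE_CMD: test every hop in order, log each result
# to stderr, print the label of the first failing hop (or "none") to
# stdout, and return non-zero if any hop failed.
first_failing_hop() {
    probe_cmd=$1
    first=none
    while read -r label kind target; do
        # </dev/null keeps the probe from eating the rest of the hop list
        if "$probe_cmd" "$kind" "$target" </dev/null; then
            echo "ok    $label ($kind $target)" >&2
        else
            echo "FAIL  $label ($kind $target)" >&2
            if [ "$first" = none ]; then first=$label; fi
        fi
    done <<EOF
$HOPS
EOF
    echo "$first"
    [ "$first" = none ]
}

# Run the real check only when asked to: sh hopcheck.sh run
if [ "${1:-}" = "run" ]; then
    first_failing_hop probe
fi
```

The label printed on stdout is the first hop to report as "not working"; the ARP question in the post is answered separately from the client's neighbour table (`ip neigh` on Linux).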

                Derelict LAYER 8 Netgate @Justinjja

                @Justinjja said in Confused about HA setup:

                Do you have the "Block private networks" firewall option enabled?

                That only applies to connections coming into WAN in the default configuration.

                  GodAtum @Derelict

                  @Derelict The clients don't have internet access and aren't able to ping 8.8.8.8. I have my client as a static IP with gateway and DNS set to 192.168.1.1.

                  I will try using manual NAT mode.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.