Confused about HA setup
-
Going through these tutorials:
https://youtu.be/-1Og5ogkyZY
https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html#vmware-esx-users
http://blog.thedarkwinter.com/2015/03/pfsense-ha-hardwaredevice-failover.html
They all have slightly different steps!
My network:
- External internet IP: 86.xxx.xx.xxx
- Router: 192.168.2.254
- PFSENSE1 WAN: 192.168.2.110
- PFSENSE1 LAN: 192.168.1.2/24
- PFSENSE2 WAN: 192.168.2.111
- PFSENSE2 LAN: 192.168.1.3/24
- WAN CARP VIP: 192.168.2.112/24
- LAN CARP VIP: 192.168.1.1/24
Anyway, got sync to work and set up CARP. CARP status on master is MASTER and MASTER. CARP status on backup is MASTER and BACKUP.
Trying to set up NAT Outbound but doesn't work. The instructions above are confusing, some say set up Hybrid, some Manual. So I did what Tom did and set it to Hybrid and added a mapping:
- Interface: WAN
- Source: 192.168.1.0/24
- Address: 192.168.2.112 (WAN VIP)
But my PC does not get any internet. Gateway + DNS set to 192.168.1.1
-
How is everything set up physically? Modem/router - switch - 2x pfsense - switch?
Single dynamic public IP or do you have a static IP range?
-
Do you have the "Block private networks" firewall option enabled?
-
@GodAtum said in Confused about HA setup:
Trying to set up NAT Outbound but doesn't work.
Use manual NAT mode for an HA setup. Set the NAT address for all INSIDE sources that actually need NAT to the CARP VIP.
What does "doesn't work" mean? Do the client hosts get ARP for 192.168.1.1? 192.168.1.2? 192.168.1.3? Can you ping it? Can they resolve DNS names? Can they ping 192.168.2.112?
Do basic network troubleshooting hop by hop from the clients out and let us know exactly where it is "not working."
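The hop-by-hop checks suggested above, written out as an added example that is not part of the original post. It assumes a Linux client on the LAN with iputils `ping`, iproute2 and `getent`; the script name `hopcheck.sh` and the test name `example.com` are assumptions, and the addresses are the ones posted in this thread.

```shell
#!/usr/bin/env bash
# Added example: hop-by-hop check from a LAN client, nearest hop first.
# Addresses are the ones posted in the thread; example.com is an assumed test name.
# Assumes a Linux client with iputils ping, iproute2 and getent.

# label|probe type|target
HOPS='ARP for LAN CARP VIP|arp|192.168.1.1
ARP for PFSENSE1 LAN|arp|192.168.1.2
ARP for PFSENSE2 LAN|arp|192.168.1.3
Ping LAN CARP VIP|ping|192.168.1.1
Ping WAN CARP VIP|ping|192.168.2.112
Ping upstream router|ping|192.168.2.254
Ping internet by IP|ping|8.8.8.8
Resolve DNS name|dns|example.com'

# probe TYPE TARGET: exit status 0 when the hop answers.
probe() {
  case "$1" in
    ping) ping -c 1 -W 1 "$2" >/dev/null 2>&1 ;;
    arp)  # trigger resolution, then look for a learned MAC address
          ping -c 1 -W 1 "$2" >/dev/null 2>&1
          ip neigh show "$2" 2>/dev/null | grep -q lladdr ;;
    dns)  getent hosts "$2" >/dev/null 2>&1 ;;
    *)    return 2 ;;
  esac
}

# first_failing_hop [PROBE_FN]: prints the first failing hop, or "none".
# PROBE_FN defaults to probe; a stub can be passed in for offline testing.
first_failing_hop() {
  fn="${1:-probe}"
  while IFS='|' read -r label type target; do
    if ! "$fn" "$type" "$target" </dev/null; then
      printf '%s (%s)\n' "$label" "$target"
      return 1
    fi
  done <<EOF
$HOPS
EOF
  echo none
}

# Real probes run only when invoked as: ./hopcheck.sh run
if [ "${1:-}" = "run" ]; then first_failing_hop; fi
```

If the first failure is the upstream router while the WAN CARP VIP still answers, that is the first hop where outbound NAT matters, assuming the router has no route back to 192.168.1.0/24.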
-
@Justinjja said in Confused about HA setup:
Do you have the "Block private networks" firewall option enabled?
That only applies to connections coming into WAN in the default configuration.
-
@Derelict The clients don't have internet access and aren't able to ping 8.8.8.8. I have my client as a static IP with gateway and DNS set to 192.168.1.1.
I will try using manual NAT mode.