    setting up my first CARP example

      jhorne

      i've been using pfSense since 2008, and it's so many years past due that i finally get to understand this configuration.

      for my first example, i have 2 dell servers with identical nic configuration. what i have so far on both is:

      em0 wan1
      em1 wan2
      bge0 lagg0
      bge1 lagg0
      lagg0.2557 (is my lan)
      lagg0.1616 (is my carp)

      so far, everything is working properly with synchronization. i've configured separate static IPs for each on wan1, wan2, 2557lan, and a VIP for each, and the VIPs move to the other node successfully during a failover test.

      i have also created a NAT to a web server. so far i can only create a NAT that goes to the first VIP i created, but i created a 2nd VIP, and i am unable to set up a NAT for that one to the same web server.

      i am pretty sure this has to do with the manual outbound settings, but i cannot find anything to read concerning anything about multiple WAN VIPs and NATs for different servers.

      can anyone point me in the right direction, or know of any links i can read on a more advanced setup?

        viragomann @jhorne

        @jhorne said in setting up my first CARP example:

        lagg0.1616 (is my carp)

        I guess you mean sync.
        A CARP should be configured on each network segment.

        so far i can only create a NAT that goes to the first VIP i created, but i created a 2nd VIP, and i am unable to set up a NAT for that one to the same web server.

        1st VIP = wan1 VIP, 2nd VIP = wan2 VIP?

        Which pfSense version?

          jhorne @viragomann

          @viragomann ah no, i didn't specify which vip to which interface.

          i had created a 2nd VIP on wan1, so that wan1 could have multiple IPs, and the 2nd wan1-VIP was not working.

          but, you did help me figure it out. when i removed the 2nd wan1-VIP and replaced it with an IP alias, in the drop down to specify which interface, lo and behold, the wan1-VIP ip was a choice. i picked that and re-used the same IP as first attempt (when i had 2 wan1-VIPS), and the NAT to the alternate IP worked, and failed over to the 2nd node when i rebooted the primary.

          thanks!

            viragomann @jhorne

            @jhorne
            As mentioned, on each WAN you have to set up a CARP VIP. This can then be used for any services like forwarding to an internal server later.

            Additional virtual IPs on an interface have to be added as type IP alias by selecting the CARP VIP from the interface drop-down.
            So if the primary firewall is going down, the VIP moves over to the secondary, because it's hooking up on the CARP address.
