Help understanding outbound NAT for VLANs and CARP Failover
-
Hi all
I'm new to pfSense and learning as I go, following tutorials online
(not new-ish to networking though). I'm setting up a CARP failover using online tutorials, and have gotten to the point where I need to change the outbound NAT to use the virtual IP rather than the interface IP
(screenshot for reference).
When watching the tutorial, the guy has 2 rules for his LAN (bottom 2 on the screenshot) and he changes both to use the VIP WAN. However, in my setup, since I have a few VLANs, I have a few more rules.
But I seem to have 4 rules per network,
one for the Virtual IP and one for the Interface
(top 4 rules on the screenshot).
I've been trying to find the difference between the two rules.
I believe I can change all of them to use the VIP, but I'd like to know what the difference is between them? Thanks in advance
-
@pomtom44 Your top screen cap shows two rules for "Virtual IP (LAN)" and two for "50_IOT"...same subnet though??
-
@steveits Yes, that's why I'm a little confused.
You can see one is auto-created for the VIP (I assume the virtual IP I set for my LAN CARP)
and one is set for 50_IOT (which is my interface name on the router). So I'm assuming it has auto-made one for each, but on another thread (Reddit) I was told I can delete one of them so I only have one per subnet (as the source is the same for both, it's only the comment which is different).
-
@pomtom44
Yes, you can remove one of the doubles. Obviously there was something going wrong with automatic rule generation. The matching parameters of the rules are:
Interface
Address family
Protocol
Source address
Source port
Destination address
Destination port
If all these values are equal, the rules match the same traffic and hence only the first one is applied while the next ones are ignored.
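As an added illustration of the matching parameters listed above (this is example code written for this thread, not code from the poster or from pfSense): a small Python check that walks an outbound NAT rule list in evaluation order and reports every rule that is shadowed by an earlier one with the same seven matching fields. The rule dicts and sample subnets are a constructed, simplified representation, not pfSense's config.xml format.

```python
# Added example: find outbound NAT rules that can never match because an
# earlier rule already covers exactly the same traffic.

# The seven fields the answer above names as the matching parameters.
MATCH_FIELDS = ("interface", "family", "protocol", "source", "source_port",
                "destination", "destination_port")

def _normalize(value):
    """Treat the usual wildcard spellings ('', '*', 'any') alike, ignore case."""
    v = str(value).strip().lower()
    return "any" if v in ("", "*", "any") else v

def match_key(rule):
    """Tuple of the matching fields; description and NAT address are ignored."""
    return tuple(_normalize(rule.get(f, "any")) for f in MATCH_FIELDS)

def find_shadowed_rules(rules):
    """Return (shadowed_index, first_index) pairs in evaluation order.

    The first rule with a given key is the one that applies; any later rule
    with the same key is never hit, no matter whether it NATs to the
    interface address or to the CARP VIP.
    """
    first_seen, shadowed = {}, []
    for idx, rule in enumerate(rules):
        key = match_key(rule)
        if key in first_seen:
            shadowed.append((idx, first_seen[key]))
        else:
            first_seen[key] = idx
    return shadowed

def rule(source, nat_address, descr, interface="WAN"):
    """Build a simplified rule dict (constructed format, not pfSense's own)."""
    return {"interface": interface, "family": "IPv4", "protocol": "any",
            "source": source, "source_port": "*", "destination": "*",
            "destination_port": "*", "nat_address": nat_address, "descr": descr}

# Constructed sample resembling the screenshot in the thread: two rules per
# subnet that differ only in description and NAT address, plus one distinct VLAN.
SAMPLE_RULES = [
    rule("192.168.1.0/24", "WAN address", "Auto created rule - LAN to WAN"),
    rule("192.168.1.0/24", "WAN CARP VIP", "Auto created rule for Virtual IP (LAN)"),
    rule("192.168.50.0/24", "WAN address", "Auto created rule - 50_IOT to WAN"),
    rule("192.168.50.0/24", "WAN CARP VIP", "Auto created rule for Virtual IP (50_IOT)"),
    rule("192.168.60.0/24", "WAN CARP VIP", "60_GUEST to WAN"),
]

if __name__ == "__main__":
    for dup, first in find_shadowed_rules(SAMPLE_RULES):
        print(f"rule {dup} ({SAMPLE_RULES[dup]['descr']!r}) is shadowed by rule {first}")
```

Run against the sample it reports rules 1 and 3 as shadowed by rules 0 and 2, which is why the order of the duplicate pair decides whether traffic leaves with the interface address or the VIP.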