Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No internet connectivity on standby CARP member

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    6
    278
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      clonian
      last edited by

      Hello,
      I have set up 2 firewalls sharing CARP interfaces for WAN/LAN in an active/standby state. For some reason, the standby firewall cannot ping out to 8.8.8.8 (or anywhere) on the WAN, but it CAN reach the layer 3 network device on the other side of the LAN interface. I'm sure I'm just missing something simple here, but I'm drawing a total blank. What should I check at this point?

      V S 2 Replies Last reply Reply Quote 0
      • V
        viragomann @clonian
        last edited by

        @clonian
        Some more information would be necessary to help.

        1 Reply Last reply Reply Quote 0
        • S
          SteveITS Rebel Alliance @clonian
          last edited by

          @clonian 3 public IPs?
          https://docs.netgate.com/pfsense/en/latest/highavailability/index.html#ip-address-requirements-for-carp

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote ๐Ÿ‘ helpful posts!

          C 1 Reply Last reply Reply Quote 0
          • C
            clonian @SteveITS
            last edited by

            @SteveITS Yes, there are 3 public IPs, and 3 LAN side IPs (firewalls both have a LAN side and WAN side interface, a layer 3 switch is doing the routing behind the LAN) - IP 1 is CARP IP shared between the two, IP 2 is assigned to pfsense 1, ip 3 is assigned to pfsense 2.

            C S 2 Replies Last reply Reply Quote 0
            • C
              clonian @clonian
              last edited by

              @clonian The secondary member does show CARP correctly, and fails over as master successfully, etc. when the primary goes down - It just has no internet presently while it's the backup member.

              1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @clonian
                last edited by

                @clonian Check Diagnostics/Routes on secondary? Any chance the ISP router is locking on to the CARP IP? IOW if you remove the shared IP they should both be able to connect out on their own.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post