Netgate Discussion Forum

    NAT 1:1 configuration in HA-CARP mode

      empbilly

      Hello,

      The 1:1 NAT configurations we had stopped working when we configured our 2 appliances in HA-CARP.

      How does 1:1 NAT configuration work in HA mode?

      https://eliasmoraispereira.wordpress.com/

        viragomann @empbilly

        @empbilly
        I cannot think of any issue with this in the context of HA, as long as the external IP is the CARP VIP or another virtual IP hooking up on the CARP VIP.

        What exactly is your problem and how did you configure the NAT 1:1?

          empbilly @viragomann

          @viragomann said in NAT 1:1 configuration in HA-CARP mode:

          What exactly is your problem and how did you configure the NAT 1:1?

          It was configured that way.

          nat_ha.png

          Captura de tela de 2024-05-24 09-30-12.png

          In the “interface” option, should I put the CARP VIP public IP?

          https://eliasmoraispereira.wordpress.com/

            viragomann @empbilly

            @empbilly
            In the alias settings at Interface open the drop-down and select the CARP VIP.

              empbilly @viragomann

              @viragomann said in NAT 1:1 configuration in HA-CARP mode:

              In the alias settings at Interface open the drop-down and select the CARP VIP.

              I had already done this some time ago. When I set it up this way, the VIP CARP in pfbackup is set to MASTER.

              https://eliasmoraispereira.wordpress.com/

                SteveITS @empbilly

                @empbilly For your IP alias I think /32 is wrong:
                dac2d324-31d0-476c-a5de-a123b8b0edf5-image.png

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                  viragomann @empbilly

                  @empbilly said in NAT 1:1 configuration in HA-CARP mode:

                  @viragomann said in NAT 1:1 configuration in HA-CARP mode:

                  In the alias settings at Interface open the drop-down and select the CARP VIP.

                  I had already done this some time ago. When I set it up this way, the VIP CARP in pfbackup is set to MASTER.

                  So there is something wrong with this IP or the CARP VIP, which you should troubleshoot.
                  Check the logs for hints.

                  Hooking up the IP alias on the CARP VIP is necessary for proper failover. If you just set it on the interface it can never failover to the secondary.

                    empbilly @SteveITS

                    @SteveITS said in NAT 1:1 configuration in HA-CARP mode:

                    For your IP alias I think /32 is wrong:

                    @viragomann said in NAT 1:1 configuration in HA-CARP mode:

                    So there is something wrong with this IP or the CARP VIP, which you should troubleshoot.
                    Check the logs for hints.

                    Hooking up the IP alias on the CARP VIP is necessary for proper failover. If you just set it on the interface it can never failover to the secondary.

                    Thank you both for your help!!!

                    I've set up a new carp just for this type of 1:1 NAT situation and I'm doing a port forward.

                    https://eliasmoraispereira.wordpress.com/

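The failover condition discussed in this thread (the 1:1 NAT external IP must be the CARP VIP itself or an IP alias hooked onto a CARP VIP) can be checked offline against a configuration backup. The following is an added example, not code from any poster or from Netgate. It assumes the backup uses the element names shown (`virtualip/vip`, `mode`, `interface`, `uniqid`, `subnet`, `nat/onetoone`, `external`) and that an alias stacked on a CARP VIP stores its interface as `_vip<uniqid>`; verify both against your own export. All addresses and ids are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed shape of a pfSense config.xml backup.
SAMPLE = """<pfsense>
  <virtualip>
    <vip><mode>carp</mode><interface>wan</interface><uniqid>aaa111</uniqid>
         <subnet>198.51.100.10</subnet><subnet_bits>24</subnet_bits></vip>
    <vip><mode>ipalias</mode><interface>_vipaaa111</interface><uniqid>bbb222</uniqid>
         <subnet>198.51.100.11</subnet><subnet_bits>24</subnet_bits></vip>
    <vip><mode>ipalias</mode><interface>wan</interface><uniqid>ccc333</uniqid>
         <subnet>198.51.100.12</subnet><subnet_bits>24</subnet_bits></vip>
  </virtualip>
  <nat>
    <onetoone><external>198.51.100.11</external><interface>wan</interface></onetoone>
    <onetoone><external>198.51.100.12</external><interface>wan</interface></onetoone>
    <onetoone><external>198.51.100.13</external><interface>wan</interface></onetoone>
  </nat>
</pfsense>"""

def classify_vips(root):
    """Map each virtual IP to 'carp', 'alias-on-carp' or 'alias-on-interface'."""
    vips = root.findall("./virtualip/vip")
    # Interface references that point at a CARP VIP (assumed "_vip<uniqid>" form).
    carp_refs = {"_vip" + v.findtext("uniqid", "") for v in vips
                 if v.findtext("mode") == "carp"}
    kinds = {}
    for v in vips:
        mode, addr = v.findtext("mode"), v.findtext("subnet")
        if mode == "carp":
            kinds[addr] = "carp"
        elif mode == "ipalias":
            on_carp = v.findtext("interface") in carp_refs
            kinds[addr] = "alias-on-carp" if on_carp else "alias-on-interface"
    return kinds

def audit_one_to_one(xml_text):
    """Return {external IP: finding} for every 1:1 NAT entry in the backup."""
    root = ET.fromstring(xml_text)
    kinds = classify_vips(root)
    findings = {}
    for rule in root.findall("./nat/onetoone"):
        ext = rule.findtext("external")
        kind = kinds.get(ext, "no-vip")
        ok = kind in ("carp", "alias-on-carp")
        findings[ext] = ("ok: " if ok else "will not fail over: ") + kind
    return findings

if __name__ == "__main__":
    for ext, finding in audit_one_to_one(SAMPLE).items():
        print(ext, "->", finding)
```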
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.