How do CARP VIPs work ?



  • I want to use pfsense to replace our netscreen firewall. There are a couple of webservers behind the firewall.

    I want to achieve the following:

    WAN IP  25.25.25.25  (Is it possible to manage pfsense on the WAN IP ?)
    LAN IP    192.168.10.25

    webserver 1  192.168.10.100  running FTP, HTTP, SSH  (want to be able to access this server via 25.25.25.100, also be able to ping the webserver when it's up)
    webserver 2  192.168.10.101  running FTP, HTTP, SSH  (want to be able to access this server via 25.25.25.101)

    I saw that CARP Virtual IPs respond to ICMP Pings if allowed by firewall. I set up a rule and NAT too but when trying to ssh into 25.25.25.100 it went to the pfsense server,
    not the webserver 1. Also when I entered http://25.25.25.100 (when I was connected to the WAN network) , I wasn't able to go website on webserver 1.

    I've searched a bit in the FAQs and this forum but haven't found an example yet, explaining how to set it all up.



  • Can you describe the scenario a bit more detailed?


Log in to reply