CARP on OPT1, OPT2… Not working, works fine on WAN



  • I have looked through all posts and don't see a topic that is quite what I have, so please forgive my ignorance if there is one addressing this.

    I currently have two boxes (pfsense 1.2.3)

    They have CARP set up and the following as a diagram…

    10.x.x.1 -----        LAN
            |
            |
              10.x.x.3  (CARP VIP)
            |
            |
    10.x.x.x2 ----

    96.x.x.1 -----          WAN
            |
            |
              96.x.x.3 (CARP VIP)
              |
              |
    96.x.x.x2 ----

    96.x.x.4 -----          OPT1
            |
            |
              96.x.x.6  (CARP VIP)
            |
            |
    96.x.x.5 -----

    The OPT1 is the same subnet as WAN, and CARP will not work correctly. I have the incoming NAT rule and firewall rule set for, say, port 80 (webserver), but I don't even see an attempt to connect in the log (the rule is set to log). This works fine on the WAN, no issues.

    I have the OPT1 available to take some of the load off of the WAN interface. What is different about the WAN vs. the OPT1 interface? This did work using pARP with no issues, just want the fail-over feature now.

    I have tried to bond the OPT1 to the WAN but that really broke things! Any help or pointers would be greatly appreciated.



  • Any luck?

    What's your status?



  • @tenuhseegeek:

    The OPT1 is the same subnet as WAN, and CARP will not work correctly

    Plenty of things aren't going to work correctly with two interfaces on the same subnet, don't do that.



  • No change, I realize having 2 nics on same subnet is not a good idea, but this gave me the ability to offload a bunch of PARP addresses to one nic and a bunch more to another. Mostly just so high volume services can be split up across available interfaces.
    This did work using no CARP addresses, just PARP type virtual IP addresses. I really like the CARP, and failover works great, including state tables. Is my only option to bond the NICs together? I can do that, but last time I tried bonding WAN, OPT1, OPT2 together I ended up re-installing and restoring the config file. So a little hesitant on trying it again.

    The CARP only seems to work on the WAN interface alone, nothing I do allows me connections from OPTx using CARP Address.
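
The condition the reply above warns about (two interfaces addressed in the same subnet) can be checked mechanically before adding CARP VIPs. The following is an added example, not part of the thread or of pfSense itself: it assumes a config.xml-style layout with one element per interface under `<interfaces>`, each carrying `<ipaddr>` and a `<subnet>` prefix length, and the sample configuration and its addresses are constructed.

```python
import ipaddress
import itertools
import xml.etree.ElementTree as ET

# Constructed sample in the general shape of a pfSense config.xml (assumed
# layout: one child per interface under <interfaces>, with <ipaddr> and a
# <subnet> prefix length). Addresses are documentation ranges, not the poster's.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <lan><if>em0</if><ipaddr>10.0.0.1</ipaddr><subnet>24</subnet></lan>
    <wan><if>em1</if><ipaddr>198.51.100.1</ipaddr><subnet>24</subnet></wan>
    <opt1><if>em2</if><ipaddr>198.51.100.4</ipaddr><subnet>24</subnet></opt1>
    <opt2><if>em3</if><ipaddr>dhcp</ipaddr></opt2>
  </interfaces>
</pfsense>
"""

def interface_networks(config_xml):
    """Return {interface name: ip_network} for statically addressed interfaces."""
    root = ET.fromstring(config_xml)
    nets = {}
    for iface in root.iterfind("interfaces/*"):
        addr = iface.findtext("ipaddr", "").strip()
        bits = iface.findtext("subnet", "").strip()
        try:
            # strict=False: the config holds a host address, not the network address
            nets[iface.tag] = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        except ValueError:
            continue  # dhcp, unset, or otherwise not a static address
    return nets

def overlapping_interfaces(config_xml):
    """Return (name_a, name_b, net_a, net_b) for each pair sharing address space."""
    nets = interface_networks(config_xml)
    clashes = []
    for (a, na), (b, nb) in itertools.combinations(sorted(nets.items()), 2):
        # overlaps() also catches a smaller subnet nested inside a larger one
        if na.version == nb.version and na.overlaps(nb):
            clashes.append((a, b, str(na), str(nb)))
    return clashes

if __name__ == "__main__":
    for a, b, na, nb in overlapping_interfaces(SAMPLE_CONFIG):
        print(f"{a} ({na}) overlaps {b} ({nb})")
```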

