Multiple IPs / CARPs on the LAN Interface



  • Dear all,

    I'd like to do this setup on my LAN interface
    IP: 192.168.254.253/24 (and .254 on the backup box)
    CARP: 192.168.254.1/24
    IP Alias: 10.1.1.93/27 (and .94 on the backup box)
    CARP: 10.1.1.65/27

    So far everything but the last steps goes ok,
    the last step (i.e. defining the second CARP) fails with the message: "The following input errors were detected: Sorry, we could not locate an interface with a matching subnet for 10.1.1.65/27. Please add an IP Alias in this subnet on this interface"

    10.1.1.93 responds on pings. (source IP 10.1.1.70)
    Setup: Intel Mini ATX Board with pfSense-2.0-BETA4-20100824-1911.iso.gz

    Many thanks for enlightenment ;)



  • Try the next snapshot; it should allow you to do that.
    Previously it was not allowed to use IP aliases for CARP.



  • ermal,

    Thanks for this  ;D



  • Thanks, Ermal,

    Well, the next didn't but the current does. Many thanks for helping!

    Follow-up question:
    True or false: I cannot set CARP: 10.1.1.65/27 but must set /24, though the Inet alias has a /27 ??

    I suspect this is what is meant by the CIDR remark on that page, but this isn't quite clear to me.  :(

    Many thanks,
    HP.


  • Rebel Alliance Developer Netgate

    The CARP VIP subnet mask should match the subnet mask of the place it's being used. It's possible that the input validation is checking the interface's subnet mask and not the IP alias' subnet mask.



  • It's possible that the input validation is checking the interface's subnet mask and not the IP alias' subnet mask.

    … which I consider to be incorrect ...
    IMHO the CARP should be in the same subnet as the corresponding ip alias - and this stipulates having the same subnet mask...

    Or am I wrong?  ??? ::)


  • Rebel Alliance Developer Netgate

    You are right, the input validation probably needs adjusted.



  • :) Thanks Jim!
    Last annoyance for today: Should I post this in the Redmine Bug List or is it good enough that you know about it?


  • Rebel Alliance Developer Netgate

    There was already a ticket for it in redmine, just update that ticket with your new information.



  • Wilco, Thanks a lot for your fast help!

    Highly appreciated!



  • I think that you are using the wrong interface for this.
    Please show the steps to reproduce this.



  • confused
    What do you mean with "wrong interface"? Web instead of CLI? Wrong ethernet port?

    Background: Used on i386 (primary) and ALIX2 (backup), I am describing only the i386 setup here.
    ok these are my steps:
    1. Basic setup CLI:

    • Define Interfaces (WAN, LAN, OPT1). OPT1 intended to use for
    • WAN IP (static only for now), LAN IP (192.168.254.253/24), Hostname etc.

    2. Setup by Webinterface

    • Disable NAT
    • Enable private Networks
    • Firewall / Virtual IPs / define CARP 192.168.254.1/24 on LAN
    • Firewall / Virtual IPs / define IP Alias 10.1.1.93/27 on LAN  <– TYPO CORRECTED 20100903
    • Firewall / Virtual IPs / define CARP  10.1.1.65/27 on LAN <- FAIL, only works with /24

    How I had planned to continue

    • Setup OPT1 with a /30 for pfSync
    • Setup WAN CARP
    • Setup Fw Rules
      etc. etc.


  • Your ipalias is the same as your carp vip ip?! Do you expect this to work?



  • I found the problem.
    Should be ok on latest snaps.



  • @ermal:

    Your ipalias is the same as your carp vip ip?! Do you expect this to work?

    Sorry, there was a typo on the Alias, corrected now.

    BTW: I was unable to retrieve the redmine ticket #, so I couldn't update it there. Apologies!

    ==
    I just tried out another possible scenario:
    Set up the pfsync AND the /27 subnet on OPT1.
    Losing the (my!!) preference of a dedicated pfsync interface, but this seems to work…

