Multiple IPs / CARPs on the LAN Interface
-
It's possible that the input validation is checking the interface's subnet mask and not the IP alias' subnet mask.
… which I consider to be incorrect ...
IMHO the CARP should be in the same subnet as the corresponding ip alias - and this stipulates having the same subnet mask...Or am I wrong? ??? ::)
-
You are right, the input validation probably needs adjusted.
-
:) Thanks Jim!
Last annoyance for today: Should I post this in the Redmine Bug List or is it good enough you know about? -
There was already a ticket for it in redmine, just update that ticket with your new information.
-
Wilco, Thanks a lot for your fast help!
Highly appreciated!
-
I think that you are using the wrong interface for this.
Please show the steps to reproduce this. -
confused
What do you mean with "wrong interface"? Web instead of CLI? Wrong ethernet port?Background: Used on i386 (primary) and ALIX2 (backup), I am describing only the i386 setup here.
ok these are my steps:
1. Basic setup CLI:- Define Interfaces (WAN, LAN, OPT1). OPT1 intended to use for
- WAN IP (static only for now), LAN IP (192.168.254.253/24), Hostname etc.
2. Setup by Webinterface - Disable NAT
- Enable private Networks
- Firewall / Virtual IPs / define CARP 192.168.254.1/24 on LAN
- Firewall / Virtual IPs / define IP Alias 10.1.1.93/27 on LAN <– TYPO CORRECTED 20100903
- Firewall / Virtual IPs / define CARP 10.1.1.65/27 on LAN <- FAIL, only works with /24
How I had planned to continue
- Setup OPT1 with a /30 for pfSync
- Setup WAN CARP
- Setup Fw Rules
etc. etc.
-
Your ipalias is the same as you carp vip ip?! Do you expect this to work?
-
I found the problem.
Should be ok on latest snaps. -
@ermal:
Your ipalias is the same as you carp vip ip?! Do you expect this to work?
Sorry, there was a typo on the Alias, corrected now.
BTW: I was unable to retrieve the redmine ticket #, so I couldnt update it there. Apologies!
==
I just tried out another possible scenario:
Set up the pfsync AND the /27 subnet on OPT1.
Loosing the (my!!) preference of a dedicated pfsync interface, but this seems to work…
