How to 1 wan ip(dhcp) to two pfsense router in failover with carp

knarf_D10 · Sep 14, 2010, 9:41 PM

Hi,

In the process of implementing a failover routing system with two pfsense pcs
I need two static wan ips.

Now I can only get 1 wan dynamic ip (budget reason)

I also have some linksys routers available.

Can I use one linksys to provide two ips to the pfsense routers wan side
what should I use router, bridging or nat.
what problems will I encounter

Thanks in advance
Best Regards
Franck

Guest · Sep 14, 2010, 11:19 PM

To do a CARP cluster you need 3 public, static, IP addresses. You could hide all this behind your linksys router, but then that would defeat the point of the CARP cluster as the linksys box would become your single point of failure (and a likely one at that).

knarf_D10 · Sep 15, 2010, 12:49 AM

Submicron,

Thanks for the reply.

My Carp setup is working perfect.
I understand your point about the mid point (lin***s… likely) defeating the purpose of the failover setup.

Would bridging with a (simple quality router) fix my problem.

(the pfsense carp failover give me a very easy way to experiment/test and put in production scenario)

Regards

knarf_D10 · Sep 15, 2010, 9:15 PM

Is there a work around for this.

Can I use some routing protocol to map the dynamic wan ip from the isp
to the required wan static ips of the pfsense, using some other simple router.

I need to get this going soon

Regards

jimp · Sep 16, 2010, 1:06 PM

There is no workaround for that. There is no way to share a single DHCP-obtained address via CARP.

As submicron said, you need no less than 3 static IP addresses in the same subnet to do carp.

There is a new version of carp (carpdev) that can do some more things, but it isn't even in 2.0 yet and I still don't think it handles DHCP (though I could be wrong on that)

knarf_D10 · Sep 16, 2010, 8:29 PM

Thanks Jimp, I understand.

I should have said ( If I use another router in between the WAN drop and the pfSense router)

Could I implement a direct transparent route to my CARP setup.

If possible what is the best way with a simple router
Dynamic route / Static route / address forwarding

Regards

jimp · Sep 16, 2010, 8:31 PM

That's the same thing you mentioned before, which just moves your single point of failure to a small NAT device instead of pfSense. You wouldn't gain much from CARP in that case.

knarf_D10 · Sep 16, 2010, 8:51 PM

I know … my loss is not complete though!

I still want to do it... how should I go

Regards