PfSense failover… getting started
-
I'm very new to the failover and load balancing area. I would really like to have two pfSense boxes to add redundancy to my current network configuration. Currently, my ISP supplies an IP based on a MAC on one of my interfaces. This is dynamically assigned and can change at some point. My ISP requires that you log in via a captive portal page, but I've paid to have them keep track of my MAC address so I don't have to use that page. How would I go about having redundant firewalls and have it look like only one MAC address and IP to my ISP? Is that even possible?
-
No, that is not possible exactly as you have it.
For proper CARP, you need three static IPs on WAN in the same subnet. However, if you were able to get those three IPs, the CARP VIP's MAC address would be constant for both machines so a portal bypass may still work for that.
Alternately, you could put a cheap SOHO-type router in front to do NAT and have your WAN static IPs be on the LAN side of the cheap router, but that just moves your single point of failure around; you wouldn't have true redundancy.
-
I'm confused why I would need three. I can see two, but where does the third one go? Also, I would like to host a web server behind them; what IP do I submit with my domain name for DNS records?
-
It's well documented in the wiki and book: each machine needs its own IP address and then they need one to share as the CARP address.
-
Ah. Okay. That's the IP for DNS records… yes? And maybe a newb question, but where's the wiki? I looked over the forum home page quickly and couldn't find it.
-
It's linked in my signature. :)
-
Hey! Lookie there! Thanks!
-
I've only glanced through the wiki just now, so if you say it exists, I'll go find how to do it, but is it possible to load balance incoming and outgoing traffic through two pfSense boxes? Or is that only available for failover?
-
CARP is only for failover.
-
Okay. Is it possible through other means? Then I can direct my questions there.
-
It's not possible to do in any useful way. Why do you need to load balance between two firewalls at the same time?
-
I'm not sure. Just curious what all pfSense, or any router for that matter, can do.
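-
An added example, not part of the original thread: a Python check of the address plan described in the replies above (one WAN address per firewall plus one shared CARP address, all in the same subnet). The addresses are constructed documentation-range values and the function names are hypothetical; CARP derives the shared MAC as 00:00:5e:00:01:<VHID>, which is why it stays constant across both machines.

```python
import ipaddress


def carp_virtual_mac(vhid):
    """Shared MAC that CARP uses for a given virtual host ID (VHID)."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be between 1 and 255")
    return "00:00:5e:00:01:%02x" % vhid


def check_carp_plan(primary, secondary, vip, prefix_len):
    """Return a list of problems with a WAN CARP plan (empty list = usable)."""
    addrs = {
        "primary": ipaddress.ip_address(primary),
        "secondary": ipaddress.ip_address(secondary),
        "CARP VIP": ipaddress.ip_address(vip),
    }
    # The WAN subnet is taken from the primary's address and prefix length.
    net = ipaddress.ip_network("%s/%d" % (primary, prefix_len), strict=False)
    problems = []
    if len(set(addrs.values())) != 3:
        problems.append("each firewall needs its own address plus one "
                        "shared VIP (three distinct IPs)")
    for name, addr in addrs.items():
        if addr not in net:
            problems.append("%s %s is outside %s" % (name, addr, net))
        elif addr in (net.network_address, net.broadcast_address):
            problems.append("%s %s is not a usable host address in %s"
                            % (name, addr, net))
    return problems


if __name__ == "__main__":
    # Constructed sample values from the 198.51.100.0/24 documentation range.
    print(check_carp_plan("198.51.100.2", "198.51.100.3", "198.51.100.4", 29))
    print(check_carp_plan("198.51.100.2", "198.51.100.2", "198.51.100.4", 29))
    print(check_carp_plan("198.51.100.2", "198.51.100.10", "198.51.100.4", 29))
    print(carp_virtual_mac(1))
```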