CARP, 1 VIP on LAN side, but separate WAN IPs + incoming portmapping
-
Hello!
I have a question: Is it possible for two pfSense boxes to act as Virtual Gateway on the LAN side, but still two separate IP addresses on the WAN side, each with its own portmapping?
The situation is as follows:
- I have two Public IP Addresses, let's say 1.5.7.3 and 1.5.7.4
- There will be 10+ servers on the LAN side, private subnet 192.168.1.0/24
- I can procure another private subnet for CARP between the pfSense boxes 192.168.2.0/28
- All servers and the 2 private networks are virtualized over VMware cloud
- 1.5.7.3:80 is to be mapped to 192.168.1.24:80
- 1.5.7.4:80 is to be mapped to 192.168.1.29:80
- 1.5.7.3:53 is to be mapped to 192.168.1.18:53
- 1.5.7.4:53 is to be mapped to 192.168.1.19:53
- Various other ports between 50'000 and 59'999 are mapped to port 22 of the internal servers, identically on both pfSense
I want the pfSense boxes to act as virtual gateways to the internal servers, i.e., 192.168.1.1 is a Virtual IP shared by the 2 pfSense boxes.
Is my configuration possible?
Thanks beforehand.
PS: I am currently using pfSense 1.2.3.