Carp with public ip addresses on Lan



  • I have a site with public IP addresses on my Lan, so I am not NATing.  The pfSense book has a good outline on how to do CARP with a system that is NATed, but I was not able to follow the process for the Public IP address on the Lan example.  I have a subnet with 8 addresses (public) on my WAN, with one of them being my gateway.  My internal LAN has a B class network subnetted to 255.255.254.0 (essentially 2 class C segments).  I have a single pfsense firewall working and would like to add a CARP failover.  Can I use a VIP on LAN interface so that I have a common internal gateway for my users?  I also need a VIP on my WAN so that single gateway machine that routes to me can have a single address no matter which PFSense box is active.

    Thanks for any input.


  • Rebel Alliance Developer Netgate

    That works fine, just turn off outbound NAT.

    Use a CARP VIP on WAN and make sure your /23 is routed to the WAN CARP VIP and then the routing should work as expected.



  • Thanks,

    I assume that I have a CARP VIP on the inside also so that I have the same internal IP gateway no matter which is active?


  • Rebel Alliance Developer Netgate

    Yep, that's correct.


Locked