Carp with public ip addresses on Lan
I have a site with public IP addresses on my Lan, so I am not NATing. The pfSense book has a good outline on how to do CARP with a system that is NATed, but I was not able to follow the process for the Public IP address on the Lan example. I have a subnet with 8 addresses (public) on my WAN, with one of them being my gateway. My internal LAN has a B class network subnetted to 255.255.254.0 (essentially 2 class C segments). I have a single pfsense firewall working and would like to add a CARP failover. Can I use a VIP on LAN interface so that I have a common internal gateway for my users? I also need a VIP on my WAN so that single gateway machine that routes to me can have a single address no matter which PFSense box is active.
Thanks for any input.
That works fine, just turn off outbound NAT.
Use a CARP VIP on WAN and make sure your /23 is routed to the WAN CARP VIP and then the routing should work as expected.
I assume that I have a CARP VIP on the inside also so that I have the same internal IP gateway no matter which is active?
Yep, that's correct.