Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP / DMZ

    HA/CARP/VIPs
    2
    3
    2080
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      falcon
      last edited by

      Hello

      Im thinking of useing pfsence however im not entirly sure how I should set it up.

      I would like to use carp for fall over however im not sure with our setup that its possible

      Heres what we have now.

      WAN
      DMZ
      LAN1
      LAN2

      The DMZ is bridged to the wan interface and each server has multiple live ip addresses assigned to them. My understanding is that CARP doesn't work with interfaces are bridged and I would have to use 1:1 nat. Im not sure if nat would be suitable for us. we need to assign live ip addresses to the servers for ssl certs and other stuff. It sounds like a lot of un nessesary work setting up 30 odd ips manually and it may have adverse effects to ssl certs which need to be assinged to a diferent up address on the server for each cert.

      Am I going down the right path or am I confusing myself ? :)

      Any help you can give me would be greatly apreshiated

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        This is correct. CARP won't work on bridges.

        1 Reply Last reply Reply Quote 0
        • F
          falcon
          last edited by

          whats the way around that ?

          would it just simply be

          if destination is in this range and from WAN forward out DMZ interface
          and back out again
          If destination is from DMZ servers range to the net forward out WAN interface ?

          That way you wouldnt need NAT or Bridging ?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post