CARP / DMZ



  • Hello

    I'm thinking of using pfSense, however I'm not entirely sure how I should set it up.

    I would like to use CARP for failover, however I'm not sure with our setup that it's possible.

    Here's what we have now.

    WAN
    DMZ
    LAN1
    LAN2

    The DMZ is bridged to the WAN interface and each server has multiple live IP addresses assigned to them. My understanding is that CARP doesn't work with interfaces that are bridged and I would have to use 1:1 NAT. I'm not sure if NAT would be suitable for us. We need to assign live IP addresses to the servers for SSL certs and other stuff. It sounds like a lot of unnecessary work setting up 30-odd IPs manually, and it may have adverse effects on SSL certs, which need to be assigned to a different IP address on the server for each cert.

    Am I going down the right path or am I confusing myself? :)

    Any help you can give me would be greatly appreciated.



  • This is correct. CARP won't work on bridges.



  • What's the way around that?

    Would it just simply be:

    If destination is in this range and from WAN, forward out DMZ interface
    and back out again
    If destination is from DMZ servers' range to the net, forward out WAN interface?

    That way you wouldn't need NAT or bridging?

