4. CARP / DMZ

CARP / DMZ

  • F

    Hello

    Im thinking of useing pfsence however im not entirly sure how I should set it up.

    I would like to use carp for fall over however im not sure with our setup that its possible

    Heres what we have now.

    WAN
    DMZ
    LAN1
    LAN2

    The DMZ is bridged to the wan interface and each server has multiple live ip addresses assigned to them. My understanding is that CARP doesn't work with interfaces are bridged and I would have to use 1:1 nat. Im not sure if nat would be suitable for us. we need to assign live ip addresses to the servers for ssl certs and other stuff. It sounds like a lot of un nessesary work setting up 30 odd ips manually and it may have adverse effects to ssl certs which need to be assinged to a diferent up address on the server for each cert.

    Am I going down the right path or am I confusing myself ? :)

    Any help you can give me would be greatly apreshiated

    0
  • H

    This is correct. CARP won't work on bridges.

    0
  • F

    whats the way around that ?

    would it just simply be

    if destination is in this range and from WAN forward out DMZ interface
    and back out again
    If destination is from DMZ servers range to the net forward out WAN interface ?

    That way you wouldnt need NAT or Bridging ?

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy