Netgate Discussion Forum

    Carp Support 2 PFSENSE boxes and 1 external IP

    2.0-RC Snapshot Feedback and Problems - RETIRED
      fastcon68

      I have one physical box (x-6000) and a (x-500) as cold backup. If I add a 40 GB HD to both units. I had read a while back that it would support 1 external IP across both boxes.

      x-6000 - - - -\ (external IP - active node)
                          \---------------------------------- DSL Modem (Bridge Modem)
                          /
      x-500 -------/ (external IP - Passive node)

      I am trying to find out if this is possible. This would solve my issue of upgrading my firewalls. I am picking one version and staying with it until the final release.

      I really need to have a backup device in case my primary firewall crashes.

      What is the status of this and how does it work?
      RC

        KimmoJ

        Works just fine. Here's a step by step tutorial. It's for the 1.2 series but it's very similar for 2.0 RC.

        http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm

        Basically, you put one external and one internal IP on both boxes, then create two virtual IPs, one external and one internal, and use those to connect to the firewall cluster. Your firewall boxes need at least three network ports each, as well. There are potential issues - one of the more obvious ones is needing three "real" external IP addresses. If you work for a company that has a block of addresses then that's not an issue, otherwise you'll need to do layers of NAT and get other single points of failure. But it does give you redundancy on the firewall, at least.

          cmb

          You need at least two public IPs, 3 static ones if you want stateful failover.
