Help with routing over private interconnection.



    Hello everybody,

    I'm just setting up a new router/firewall system at my work.
    To be brief and concise, here is the network:

        INTERNET
            |
            |
         Router ---- Network A (10.X.0.0/8)
            |
            |
    Interconnection (192.168.224.65/28)
            |
            |
          CARP A
          /    \
         /      \
        /  pfSync \
    PFSense 1 <---> PFSense 2
        \          /
         \        /
          \      /
           CARP B
             |
             |
    Network B (10.Y.0.0/8)

    The routing and access to the Internet are good for all the machines from Network B or Network A.
    The problem is for the two pfSense boxes. Their default gateway is the router's interconnection IP (private and not routed).
    When they are trying to contact the Internet (online updates, for example) or Network A (host resolution), they send their packets with the interconnection's private source IP and thus do not receive any reply.
    I added a NAT rule on each to masquerade their packets with their own address in Network B (routed). It appears that this solution works, but only for the master of CARP A.

    Is there something done wrong? How could I give the two pfSense boxes access to the rest of the network?

    Thanks in advance for your answers!

