Virtual IP problem…
I am trying to build a 1:1 NAT.
My purpose: set up an external VIP (real IP) and forward all traffic incoming on this VIP to an internal IP.
For now, I have only managed to run this setup with a CARP type VIP. But when I set up a CARP type interface I see huge traffic on my WAN interface (like 10Mbits, normally it's 1Mbits). (Is this normal???)
I couldn't set up this scenario with proxyarp type and other type VIPs. (Is this normal???)…
Thanks for any help...
CARP is sending out heartbeat broadcasts, as it is usually used to build clusters (redundant setups). However, I have not yet seen it causing 10 Mbit/s of traffic. ProxyARP should work as well, as it also generates layer 2 traffic for the VIP, like CARP. What is in front of your system at WAN? Sometimes it's a problem with the ARP cache of the device in front of you. Try to power this system down for a bit (bridged cable modems, for example, are known to have ARP issues sometimes).
My WAN is a C-class subnet. In this subnet, we have a heavy working firewall (the firewall that I am trying to migrate from) and a couple of network servers. I don't see that WAN traffic on other interfaces. So this traffic is not my LAN's traffic. Is it possible that the WAN interface is sniffing WAN traffic???
So you say I should set up this kind of connection with proxyarp type VIPs?
It depends on what you want to do. If you want to easily add a failover node later, use CARP. Btw, these broadcasts won't leave the WAN subnet.
Finally I did what I wanted… :)
1 - I've created a VIP (proxyarp).
2 - I've added a 1:1 NAT for my LAN IP for the VIP.
3 - I've added a port forward for my LAN IP for ports 1-65500.
Now it works properly...
But I couldn't solve the high traffic on CARP VIPs???
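
The three steps in the last post, written out as hand-written pf.conf rules in FreeBSD pf syntax, with the all-ports rule from step 3 shown beside a narrower one. This is an added example, not configuration from the thread or rules generated by pfSense. The interface name, both addresses (documentation ranges) and the service ports are assumptions.

```pf
# Constructed values (assumptions, not from the thread)
ext_if   = "em0"              # WAN interface
vip      = "203.0.113.10"     # external virtual IP
int_host = "192.168.1.10"     # internal host behind the 1:1 NAT
services = "{ 80, 443 }"      # assumed: the only ports this host must expose

# Step 1 (the VIP) is outside pf: something on the WAN segment must answer
# ARP for $vip (proxy ARP, CARP or an interface alias), or the upstream
# device never delivers the packets to this firewall.

# Step 2: bidirectional 1:1 mapping between the internal host and the VIP.
binat on $ext_if from $int_host to any -> $vip

# Default-deny inbound on WAN, logged so unexpected probes stay visible.
block in log on $ext_if all

# Step 3 as posted: ports 1-65500 open to any source. Translation runs
# before filtering, so the rule matches the internal (translated) address.
# pass in on $ext_if inet proto { tcp, udp } from any to $int_host port 1:65500 keep state

# Narrower alternative: expose only the services the host actually offers.
pass in on $ext_if inet proto tcp from any to $int_host port $services keep state
```

With the broad rule, every listening service on the internal host is reachable through the VIP; the narrow rule keeps the 1:1 address mapping while limiting inbound exposure to the listed ports.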