Hardware backup



  • Hello all.

    Firstly, we've ditched the bonded ADSL that was going to supply our building and we are getting an EFM 10Meg service put in (lead-time is just over 1 month).  That's being supplied with a good batch of IP addresses, so each of the vLans will be able to have its own public address and there'll be no sharing.

    What I'm trying/hoping to do is have a hardware situation where we have 2 boxes linked so that there is fall-back if the main one fails (either CARP or H???).  Am I right in my thinking that one of these systems would provide a 'hidden' switch-over in the case of a failure?  And I'm referring to a pfSense computer failure, not an incoming line failure (there will only be one supply in the building).



  • You can try carp with 2.0 RELEASE.

    If you do not want nat, you may need to try carp with two bridged pfsenses.



  • How involved is CARP?

    Also, is it 'invisible' to all the computers connected to it?  Or does it have a different IP address as the gateway and so need all the computers (currently about 40 in half a dozen different companies) need to reDHCP?



  • Take a look on docs.pfsense.org

    There are some info for you understand better how carp works.



  • With CARP you need a minimum of 3 IPs per interface.  One for the first box, one for the second box, and then one that is shared.  That last one is the one that would be used as your gateway on the LAN side and is the one that would be used by your clients for presence on the WAN side.  If you wanted to use different WAN IPs for different subnets then you'd need an additional WAN IP for each subnet (so 3 IPs for 1 subnet, 4 IPs for 2 subnets, 5 IPS for 3 subnets, and so on).


Locked