CARP with Multi WAN + Multi LAN
-
Hi Guys,
I'm fairly new to pfsense so some help would be great setting up. Running through as many docs as i can.
The situation is. 2 x pfsense 2.0.1 boxes running Carp, i have CARP running at this stage just need to figure the VIPs or how to do it really.
Here is the setup and what needs to be done. Obviously these are not the IP's
(Public Range) 192.168.1.0\24 yes 24 public
Lan range - 10.1.1.0\24 Primary range
Other lan subnets on same interface 10.1.2.0, 10.2.2.0, 10.10.1.0 etc there is about another 20-30 subnets on the lan sideCARP master 1.1.1.1 slave 1.1.1.2
Master
WAN INT 192.168.1.252
WAN VIP 192.168.1.254
LAN INT 10.1.1.252
LAN VIP 10.1.1.254Slave
WAN INT 192.168.1.253
WAN VIP 192.168.1.254
LAN INT 10.1.1.253
LAN VIP 10.1.1.254Now the question is for the other 200odd public IP's where do i assign these? are they simply setup the same way as the CARP VIP? for the lan and the wan side. any way i can do this in bulk rather than seperate entries.
Do i need to do anything with outbound NAT i'm assuming this is source nat?
Some nat rules for example may be 192.168.1.230 forward port 25 to 10.2.10.12,
I'm currently running on endian and this is just much different in how its all setup.
The other thing is i have one ethernet drop into the rack, i was going to create a vlan on the swith for 3 ports which will have the uplink and the 2 x wan ports is this the correct way of doing it.
-
Ok i've got everything sorted just how to enter the IP addresses. anyone ???
-
(Public Range) 192.168.1.0\24 yes 24 public
No way. Your provider configured it for you, but it's not public.
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Are private networks.Now the question is for the other 200odd public IP's where do i assign these? are they simply setup the same way as the CARP VIP? for the lan and the wan side. any way i can do this in bulk rather than seperate entries.
With carp, I think you will do it one by one.
Proxy arp could do the job but with no fail over.Do i need to do anything with outbound NAT i'm assuming this is source nat?
If you want to specify a that on 10.x address will nat to a specific 192.168, then yes set an outbound NAT
The other thing is i have one ethernet drop into the rack, i was going to create a vlan on the swith for 3 ports which will have the uplink and the 2 x wan ports is this the correct way of doing it.
Sorry I did not understood this question.
-
Sorry i used the 192.168.1.0 as an example i have real public ips.
OK i'm getting there.
What i've done is gone to Virtual IP's > Created a new IP Alias and Assigned it to WAN CARP interface. This has replicated over onto my other box so presume this is the way to do it?
That just leaves the lan side to work out.
I have currently a 10.1.1.0/24 range assigned to the LAN interface. I need to somehow attach the other subnets
If i try and do the same thing and assign example 10.2.2.254 as an alias to the LAN CARp i get this error.
The following input errors were detected:
Sorry, we could not locate an interface with a matching subnet for 10.2.2.254/24. Please add an IP alias in this subnet on this interface.Just need to work this out and i'm off to install it please help :P
-
What i've done is gone to Virtual IP's > Created a new IP Alias and Assigned it to WAN CARP interface. This has replicated over onto my other box so presume this is the way to do it?
assign a valid ip on each wan interface
configure sync between pfsense boxes(use a dedicated interface for sync or a vlan)
go on firewall-> virtual ip and add a carp ip(not an ip alias) with the same subnet you configured wan interface
