VIP / CARP Question
-
Sorry if this is a basic question but I'm getting very confused the more I read and I'm hoping someone can set me straight. Here's what I have going on.
I have 2 routers set up in a CARP cluster. I went through the http://olddoc.pfsense.org/index.php/Setting_up_CARP_with_pfSense documentation.
I have 2 servers internally that I need 1:1 NATed for hosting purposes. My question is about VIPs. From what I know, just to make the CARP cluster work I need 3 public IPs: 1 IP per real interface on the routers and one virtual to share. I have a static pool of 5 IPs on the public side, which should be enough. What's the proper way to set up my VIPs and NAT so that the CARP works and I can still 1:1 NAT the other 2? I appreciate any help.
~Ryan
-
I'm not sure if it's the right way, because I'm still fairly new to this myself. However, I've got a similar setup with half a class C that seems to be working.
Master FW WAN Interface: Public IP (x.x.x.2)
Backup FW WAN Interface: Public IP (x.x.x.3)
Clustered CARP VIP: Public IP (x.x.x.4/25) (make sure the subnet you specify is correct - not single address)
I have a webserver in my DMZ with the ip 192.168.12.10. In order to use the CARP VIP for this webserver I have:
- set up a 1:1 NAT mapping the public IP (x.x.x.4) to the private IP (192.168.12.10)
- set up a rule on the WAN allowing http and https traffic to the private address (the NAT has already occurred, so don't use the public IP)
This is pretty much it. I have several other webservers which I'm accessing through additional CARP/NAT mappings set up the same as above (for each one add CARP VIP, 1:1 NAT, and access rule).
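
The rule-ordering point in the reply above (the WAN rule must name the private address because the 1:1 NAT has already rewritten the destination), as an added example that is not part of the original post. It is a simplified Python model, not pfSense code; `203.0.113.4` is a constructed stand-in for x.x.x.4 and every function and variable name is hypothetical.

```python
# Added illustration: toy model of inbound processing on WAN (1:1 NAT first, then rules).
# All addresses are constructed; 203.0.113.4 stands in for the post's x.x.x.4.
from ipaddress import ip_address, ip_network

# 1:1 NAT table: public CARP VIP -> private DMZ host
ONE_TO_ONE = {ip_address("203.0.113.4"): ip_address("192.168.12.10")}


def translate(dst):
    """Rewrite the destination if a 1:1 mapping exists (happens before filtering)."""
    return ONE_TO_ONE.get(dst, dst)


def wan_allows(rules, dst, port):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if dst in ip_network(rule["dst"]) and port in rule["ports"]:
            return rule["action"] == "pass"
    return False


def inbound(rules, dst, port):
    """Return (final destination, allowed?) for a packet arriving on WAN."""
    real_dst = translate(ip_address(dst))
    return str(real_dst), wan_allows(rules, real_dst, port)


# Rule written against the private address, as the reply recommends
RULES_PRIVATE = [{"action": "pass", "dst": "192.168.12.10/32", "ports": {80, 443}}]
# Rule written against the public VIP: never matches, because the filter
# only sees the already-translated destination
RULES_PUBLIC = [{"action": "pass", "dst": "203.0.113.4/32", "ports": {80, 443}}]

if __name__ == "__main__":
    cases = (("private-dst rule", RULES_PRIVATE), ("public-dst rule", RULES_PUBLIC))
    for name, rules in cases:
        for port in (443, 22):
            print(f"{name:17} port {port:<4}", inbound(rules, "203.0.113.4", port))
```

With the private-address rule only ports 80 and 443 reach the web server; with the public-address rule nothing does, which is the usual symptom when the rule is written against the VIP.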
-
Ok I've figured out all of my confusion and it is working seamlessly.
Thanks for the help!