SOLVED - Questions about blocked IP setup with CRAP
-
Hello,
I use Pfsense with CRAP and my provider can give us IP for free but we have to pay a fee for each IP with Internet access.
So I can have 3 IP for free but I have to pay to have them reachable from outside.
(Every addresses are on a public subnet, even if they don't have Internet access).So I configured the 2 IP as WAN on each Pfsense routers and the last one as CRAP.
For now, only the CRAP address can access internet, to save money.My questions are :
- do Pfsense (WAN IP) need to access the Internet to work properly ?
- if not, can I use a "trick" to give Internet access to pfsense though the CRAP interface ?
(for example to download snort updates….)
I know this is a strange setup...
Thanks you for your answers :) -
the answer most likely is in:
http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29#Setting_up_advanced_outbound_NATmore specifically, outbound NAT for localhost 127.0.0.0/8
-
Yep, you're right I just figured this out 1 hour ago ;D
BUT this give the active gateway access to Internet, not the secondary one.
-
BUT this give the active gateway access to Internet, not the secondary one.
[/quote
correct, because the secondary doesn't have the CARP addresss. You would need internet access for the secondary addresses if you need both firewalls on the internet all the time.