4. Backup Firewall Using CARP Address

Backup Firewall Using CARP Address

  • M

    I'm running CARP on two pfSense firewalls.  Everything appeared to be working correctly, but I noticed that pings from the backup firewall to an external gateway were failing.  I ran tcpdump and found that pings leaving the backup firewall are using the CARP virtual IP for that interface, so the replies go to the master.  This is only happening on one of four interfaces.  On the others, packets from the backup firewall are sourced from its real interface IP address as I would expect.

    –Mike

    0
  • Rebel Alliance Developer Netgate

    Check your outbound NAT, make sure you don't have any manual outbound NAT rules with a source of "*" (any). Those also apply to traffic from the firewall.

    Properly specify a source and it will stop doing the NAT to the CARP VIP.

    0
  • M

    Thank-you, Jim.  That was the issue - I needed to tighten up my NAT rule.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy