CARP and bridge on same system .. working .. kinda :-)



  • Well since i really don't wan to to go back to command line firewalls i've taken some time to make carp available on the same cluster i plan to run bridge on since proxy arp doesn't work.
    More about the issue can be read here: http://forum.pfsense.org/index.php/topic,6256.0.html

    Anyway what i did is connected 2 interfaces to WAN and named the other one WAN2. Then i installed CARP, SNAT, DNAT rules as usual for WAN, OPT1 and OPT2 network. It worked. Then i istalled WAN2 with 192.168.0.1 and OPT3 with 192.168.0.1. Then i bridged OPT3 to WAN2.

    Now i can access machines on OPT3 with their internet IPs while others DNATed are also accessible. But this works only from internet.

    Servers DNATed can't acess internet right now, althou they can be accessed from internet, but i think it just might be related to missing firewall rules.

    And on node2 i get lot;s of warnings which make sense untill i configure bridge there too with stp.

    Any comments?
    Maybe how to allow servers from bridged part of the network to access those dnated ones.


Log in to reply