CARP/VIP and Automatic outbound nat

  • Hello,

    When following the instructions in either the 2.0 or 2.1 manual for setting up CARP/VIPs, one of the steps is to change NAT from automatic to manual, then alter the rules for the VIP.

    It appears once I am using CARP/VIP, automatic outbound nat will no longer function properly.  Is this true?



  • Rebel Alliance Developer Netgate

    You cannot use Automatic Outbound NAT with a proper/correct CARP configuration.

    You must be on Manual Outbound NAT and have the CARP VIP specified in the translation address of the rules.

    The only downside to that vs automatic is that if you add a new subnet, you'll need to add NAT rules for it. That's really all Automatic Outbound NAT does, is to add basic NAT rules for all "local" subnets.

Log in to reply