Using a CARP IP address for a dedicated Gateway
-
Hi All,
I have an issue for which I didn't find a solution.
Here is the setup (two pfSense boxes) :
2.1-RELEASE (i386)
built on Wed Sep 11 18:16:22 EDT 2013
FreeBSD 8.3-RELEASE-p11
Cluster HA/CARP/pfSync
LAN1 is the LAN I/F for the first pfSense box
LAN2 is the LAN I/F for the second pfSense box
WAN1 is the WAN I/F for the first pfSense box
WAN2 is the WAN I/F for the second pfSense box
LAN1 = 192.168.10.254/24 - em1
LAN2 = 192.168.10.253/24 - em1
LAN_CARP = 192.168.10.10/24 (vhid 1)
PFSYNC1 = 10.0.0.254/24 - em2
PFSYNC2 = 10.0.0.253/24 - em2
This vhid_1 is the LAN default gateway for network 192.168.10.0/24
WAN1 = z.x.y.210/29 - em0
WAN2 = z.x.y.211/29 - em0
WAN_CARP = z.x.y.213/26 (vhid_2)
WAN Gateway = z.x.y.214/29
A second gateway is also defined to reach a different subnet :
GW250 = 192.168.10.250/24
Remote network to reach : 192.168.33.0/24
I/F : LAN
Here is where the trouble begins (if it is a trouble, I would like to be sure)…
If I perform a TRACEROUTE from a Windows box or Unix box inside the 192.168.10.0/24, packets are leaving by the default gateway… A Windows tracert gave me extra details, i.e. packets are using the LAN1 IP address 192.168.10.254.
So, my question is to know if it is possible to bind the gateway (GW250) to the CARP group (192.168.10.10/24) instead of the LAN1 or LAN2 (192.168.10.254 or 192.168.10.253 during a failover)?
Could it be a routing trouble? Do I need a dedicated I/F setup to forward traffic from LAN to Remote_LAN 192.168.33.0/24?
Thanks a lot for your help and your opinions :-)
-
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F#CARP
Must be in the same subnet as an IP address on the interface (real interface IP or IP alias.)
-
Hi,
I would like extra explanations, maybe I missed something.
Below, details about the config.
Now, some traceroute details :
A - Traceroute from pfSense to remote LAN2
[2.1-RELEASE][root@pfsensemaster]/root(1): traceroute 192.168.3.33
traceroute to 192.168.3.33 (192.168.3.33), 64 hops max, 52 byte packets
1 192.168.10.250 (192.168.10.250) 0.505 ms 0.777 ms 0.429 ms
2 10.255.240.1 (10.255.240.1) 7.494 ms 8.246 ms 7.968 ms
3 10.34.158.2 (10.34.158.2) 19.967 ms 20.303 ms 19.952 ms
4 192.168.3.33 (192.168.3.33) 19.975 ms 19.805 ms 19.948 ms
Everything is OK
Now, traceroute from a Linux box inside LAN1 to LAN2, the default gateway is 192.168.10.10 of LAN1 :
root@S-Linux: pts/0: 6 files 164Kb # traceroute 192.168.3.33
traceroute to 192.168.3.33 (192.168.3.33), 30 hops max, 60 byte packets
1 192.168.10.254 (192.168.10.254) 0.357 ms 0.364 ms 0.335 ms
2 192.168.10.250 (192.168.10.250) 0.854 ms 0.890 ms 0.873 ms
3 10.255.240.1 (10.255.240.1) 8.133 ms 8.139 ms 8.112 ms
4 10.34.158.2 (10.34.158.2) 19.944 ms 21.940 ms 21.913 ms
5 192.168.3.33 (192.168.3.33) 21.887 ms 21.897 ms 21.868 ms
Is it normal that the first hop is using 192.168.10.254 instead of 192.168.10.10? Why are packets first leaving to IP = 192.168.10.254 and then back to 192.168.10.10?
This is the routing table of the Linux box :
root@S-Linux: pts/0: 6 files 164Kb # netstat -rn
Table de routage IP du noyau
Destination Passerelle Genmask Indic MSS Fenêtre irtt Iface
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.10.10 0.0.0.0 UG 0 0 0 eth0
Could it be a reason why I have some routing troubles from LAN2 to LAN1?
I will really appreciate your help with this issue :-)