CARP + NAT reflection - interface IP instead CARP IP



  • Hi,

    I have 2 pfSense boxes running in CARP mode which work as expected.
    For accessing internal web services with external DNS informations I have activated NAT reflection in "NAT + Proxy" mode.

    Now I have found that the services are accessed by the masters DMZ interface IP instead of CARP IP. So in case of a failover the connections will not be able to taken over by slave.

    Anyone knows if it's possible to configure NAT reflection to use CARP IP?


  • Rebel Alliance Developer Netgate

    There isn't a way to make that happen currently.

    You could try Pure NAT mode but I believe it also uses the interface IP address.

    If it matters that much, setup split DNS so that you do not need to rely upon reflection



  • Thanks for reply.

    I have web services which should reach other web services at the same pfSense interface. That only works in proxy mode.

    I have dropped internal DNS view weeks ago since sometimes I've forgotten to update it when changes occur.

    Do you know if pfSense 2.2 will use CARP IP?


  • Rebel Alliance Developer Netgate

    No difference on 2.2

    Split DNS is the better fix.


Log in to reply