Netgate Discussion Forum

    CARP + NAT reflection - interface IP instead CARP IP

    • viragomann

      Hi,

      I have 2 pfSense boxes running in CARP mode which work as expected.
      For accessing internal web services with external DNS information I have activated NAT reflection in "NAT + Proxy" mode.

      Now I have found that the services are accessed by the master's DMZ interface IP instead of the CARP IP. So in case of a failover the connections will not be able to be taken over by the slave.

      Does anyone know if it's possible to configure NAT reflection to use the CARP IP?

      • jimp (Rebel Alliance Developer Netgate)

        There isn't a way to make that happen currently.

        You could try Pure NAT mode but I believe it also uses the interface IP address.

        If it matters that much, set up split DNS so that you do not need to rely upon reflection.

        • viragomann

          Thanks for the reply.

          I have web services which should reach other web services on the same pfSense interface. That only works in proxy mode.

          I dropped the internal DNS view weeks ago since sometimes I've forgotten to update it when changes occur.

          Do you know if pfSense 2.2 will use the CARP IP?

          • jimp (Rebel Alliance Developer Netgate)

            No difference on 2.2

            Split DNS is the better fix.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.