CARP + NAT reflection - interface IP instead CARP IP

viragomann

Hi,

I have 2 pfSense boxes running in CARP mode which work as expected.
For accessing internal web services with external DNS informations I have activated NAT reflection in "NAT + Proxy" mode.

Now I have found that the services are accessed by the masters DMZ interface IP instead of CARP IP. So in case of a failover the connections will not be able to taken over by slave.

Anyone knows if it's possible to configure NAT reflection to use CARP IP?

jimp

There isn't a way to make that happen currently.

You could try Pure NAT mode but I believe it also uses the interface IP address.

If it matters that much, setup split DNS so that you do not need to rely upon reflection

viragomann

Thanks for reply.

I have web services which should reach other web services at the same pfSense interface. That only works in proxy mode.

I have dropped internal DNS view weeks ago since sometimes I've forgotten to update it when changes occur.

Do you know if pfSense 2.2 will use CARP IP?

jimp

No difference on 2.2

Split DNS is the better fix.