Author Topic: CARP on WAN w/ 2 Static IPs... Need help  (Read 136 times)

Offline umuzidan

CARP on WAN w/ 2 Static IPs... Need help
« on: December 31, 2017, 06:28:09 am »
I am given two static IPs by my ISP in my data center. Presently I have one pfsense fw set up using both. WanIP1 used for NAT outbound from LAN1 and WanIP2 used for NAT outbound from LAN2. I have configured WanIP1 to allow only OpenVPN inbound connections and WanIP2 for HTTP and HTTPS inbound to relayd running on pfsense.

Reading here: I found this "Minimum of three IP addresses per subnet (one for primary, one for secondary, one or more for CARP VIPs) -- This can be avoided on pfSense 2.2, but is still recommended."

What I'm looking to understand is if it is possible to have another pfsense running in a hot standby mode whereas if pfsense1 crashed, pfsense2 could take over in some fashion.

Again, at first glance, I see my limitation as only having two static public IPs available, but am curious what the note means from the link above.

Also, if I had two static IPs available, would I direct web traffic to my new CARP WAN IP and change all my rules on pfsense to use this CARP IP as the destination IP for incoming traffic? Just looking to understand.

Offline Derelict

Re: CARP on WAN w/ 2 Static IPs... Need help
« Reply #1 on: December 31, 2017, 11:36:13 am »
You need three addresses.