AW: [pfSense Support] carp array
1. config all your public IPs as CARP-IPs, so the pfsense will answer them on wan 2. use firewallNATportforward to forward the virtual IPs to the Servers inside your Network (check the autocreate rule option) 3. use firewallNAToutbound with enabled advanced outbound NAT to make the Servers use their corrosponding virtual IP for going out to WAN (you have to create some rules for that, first match wins) Alternatively you could use 1:1 NAT but this basically is for converting complete IP-Ranges btw, I'll redo the tutorial in some time with the new GUI-Layout. Hope this helps, Holger -Ursprüngliche Nachricht- Von: alan walters [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 19. Juli 2005 00:36 An: support@pfsense.com Betreff: FW: [pfSense Support] carp array I have reviewed the tutorial before, it looks good for outbound connections. How would I manage this under the latest version? (NO auto option) We have two apache servers 1 dns and 1 smtp server inside our network that clients need to access We want to use the carp array for inbound connections as well as outbound connections is this possible would I just setup the carp configuration using virtual IP's for each of my services on the WAN We have two apache servers 1 dns and 1 smtp server inside our network that clients need to access So we have a pool of IP's can we make all of these available in the carp pool on the wan interface?? This is a hard thing to write but I hope someone realises what I am saying Alan -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 16 July 2005 00:15 To: alan walters Cc: support@pfsense.com Subject: Re: [pfSense Support] carp array On 7/15/05, alan walters [EMAIL PROTECTED] wrote: We have a present firewall that we want to redunently backup. I have reviewed some of the information but am a little confused about how we could deploy this. Our configureation is as follows Primary backup Wan1wan2(opt1)Wan1 wan2(opt1) Lan DMZ(opt2) opt3(carp)opt3(carp) LAN DMZ(opt2) Would switches be placed in front of wan1 and wan2 and then linked to primary and backup firewalls? http://www.pfsense.com/tutorials/carp/carp_cluster.htm goes over this in detail (with pictures!) Can I sync the entire system across this?? Can you provide failover services? Yes. Take a look at http://www.pfsense.com/tutorials/carp/carp_cluster.htm Would the hardware need to be identical No. I use a Nexcom appliance currently as my primary firewall and a soekris 4501 as a backup. Works great. Any thoughts on how this configuration would best be deployed. http://www.pfsense.com/tutorials/carp/carp_cluster.htm has the low down. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.16/50 - Release Date: 15/07/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.0/50 - Release Date: 16/07/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.0/50 - Release Date: 16/07/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: [BULK] AW: [pfSense Support] carp array
Hi, 1. config all your public IPs as CARP-IPs, so the pfsense will answer them on wan Sorry to ask, it is possible for me to do this for replacing IP Aliases? currently i'm have to manually edit config.xml to include all those Public IP that i have under shellcmd so that my WAN interfaces will answer to all my public IP and port forward to my server on DMZ with private IP set ( 192.168.0.x ) Please shed me some light on this and thanks in advances, Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: [BULK] AW: [pfSense Support] carp array
Yikes...why aren't you using proxy arp? At any rate, carp will work for that too - it'll be somewhat noisy, but'll work just fine. In fact...what the hell I recommend it, there, I said it...;-P --Bill On 7/18/05, ijez [EMAIL PROTECTED] wrote: Hi, 1. config all your public IPs as CARP-IPs, so the pfsense will answer them on wan Sorry to ask, it is possible for me to do this for replacing IP Aliases? currently i'm have to manually edit config.xml to include all those Public IP that i have under shellcmd so that my WAN interfaces will answer to all my public IP and port forward to my server on DMZ with private IP set ( 192.168.0.x ) Please shed me some light on this and thanks in advances, Regards, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
