1. config all your public IPs as CARP-IPs, so the pfsense will answer them on wan 2. use firewall>NAT>portforward to forward the virtual IPs to the Servers inside your Network (check the autocreate rule option) 3. use firewall>NAT>outbound with enabled advanced outbound NAT to make the Servers use their corrosponding virtual IP for going out to WAN (you have to create some rules for that, first match wins)
Alternatively you could use 1:1 NAT but this basically is for converting complete IP-Ranges btw, I'll redo the tutorial in some time with the new GUI-Layout. Hope this helps, Holger -----Ursprüngliche Nachricht----- Von: alan walters [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 19. Juli 2005 00:36 An: support@pfsense.com Betreff: FW: [pfSense Support] carp array I have reviewed the tutorial before, it looks good for outbound connections. How would I manage this under the latest version? (NO auto option) We have two apache servers 1 dns and 1 smtp server inside our network that clients need to access We want to use the carp array for inbound connections as well as outbound connections is this possible would I just setup the carp configuration using virtual IP's for each of my services on the WAN???? We have two apache servers 1 dns and 1 smtp server inside our network that clients need to access So we have a pool of IP's can we make all of these available in the carp pool on the wan interface?????? This is a hard thing to write but I hope someone realises what I am saying Alan -----Original Message----- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 16 July 2005 00:15 To: alan walters Cc: support@pfsense.com Subject: Re: [pfSense Support] carp array On 7/15/05, alan walters <[EMAIL PROTECTED]> wrote: > > > > We have a present firewall that we want to redunently backup. > > I have reviewed some of the information but am a little confused about how > we could deploy this. > > > > Our configureation is as follows > > > > Primary > backup > > > > > > > > Wan1 wan2(opt1) Wan1 > wan2(opt1) > > > > Lan DMZ(opt2) opt3(carp) opt3(carp) LAN > DMZ(opt2) > > > > > > Would switches be placed in front of wan1 and wan2 and then linked to > primary and backup firewalls? http://www.pfsense.com/tutorials/carp/carp_cluster.htm goes over this in detail (with pictures!) > Can I sync the entire system across this?? Can you provide failover services? Yes. Take a look at http://www.pfsense.com/tutorials/carp/carp_cluster.htm > Would the hardware need to be identical No. I use a Nexcom appliance currently as my primary firewall and a soekris 4501 as a backup. Works great. > Any thoughts on how this configuration would best be deployed. http://www.pfsense.com/tutorials/carp/carp_cluster.htm has the low down. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.16/50 - Release Date: 15/07/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.0/50 - Release Date: 16/07/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.9.0/50 - Release Date: 16/07/2005 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
