I have two pfSense boxes running a recent version of 1.2 RC3. Fail-over
seems to work correctly when the master unit dies, and the master unit
takes back over when it comes back online, so I figure most of my
settings must be mostly correct (I followed the visual tutorial listed
on the pfsense.com site).
I do, however, seem to have one problem with the slave CARP unit. When
it is not the master unit, it does not have internet access. From the
diagnostic ping page on the web configurator of the CARP slave, I cannot
ping a remote site and the list of addon packages for the unit does not
show up. Also, Snort rules will not update. From the WAN side, I am
able to ping the real IP of the CARP slave, but cannot connect to it
remotely (unless it is working as the master CARP unit).
I believe that my problem may be a NAT issue. I have advanced outbound
NAT enabled and have the master unit configured to sync NAT with the
slave. I have found, however, that if I create a manual rule on the
slave unit that tells it to perform NAT for all traffic and to use the
real WAN IP address, all Internet access for the CARP slave is
restored. As soon as I remove this rule and rely on the synced advanced
outbound NAT rule that is replicated from the master unit, however,
internet access to the slave unit dies.
I am able to access the master unit from both the CARP WAN IP and from
its real WAN IP, and everything seems to work correctly with it. Both
machines have identical hardware.
The advanced outbound NAT rule that is synced between the two units is
as follows:
Interface -- WAN
Source -- any
Source Port -- *
Destination -- *
Destination Port -- *
NAT Address -- The CARP IP Address
NAT Port -- *
Static Port -- No
I have searched the mailing list, the forum, and the updated CARP
documentation on the pfSense documentation site, but I have not yet
found an explanation for this problem.
I appreciate any help that may be available.
Thanks,
Vaughn Reid III
Indiana, USA