sorry about the top post.. OE on win2k sucks for some reason. I can't create nat for vips that don't exist yet. Even if I try to just use the WAN inteface ip as the external address i still get errors. So it seems to me that the problem lies somewhere with LAN/OPT interfaces. I still get the entire 254 ips in the class C even if my lan interface address is 2.100 right? Also.. as long as i always specify /24 on my neworks I can use the 10.0.x.xxx private address range without causing any issues? ----- Original Message ----- From: "alan walters" <[EMAIL PROTECTED]> To: "Matthew Lenz" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Tuesday, August 02, 2005 2:26 AM Subject: RE: [pfSense-discussion] carp settings?
Seems to be a bit of a bug or querk with carp setup. Setup your 1 to 1 nats first then add carp before you add any port forward rules. It seems that if there is anything in the port forward rules before this it gives the error you mention. I have seen a few people with this issue. -----Original Message----- From: Matthew Lenz [mailto:[EMAIL PROTECTED] Sent: 02 August 2005 00:49 To: pfsense Subject: Re: [pfSense-discussion] carp settings? I'm also having difficulty adding 1:1 nats and port forwarding using the public wan IP i've got configured for carp between the two firewalls. port forwarding complains that my NAT IP isn't valid and 1:1 (/32 using the virtual ip) says it overlaps an existing network. ----- Original Message ----- From: "Matthew Lenz" <[EMAIL PROTECTED]> To: "pfsense" <[email protected]> Sent: Monday, August 01, 2005 6:21 PM Subject: [pfSense-discussion] carp settings? > I've got my two firewalls setup and I think stuff is mostly working. I'm > curious about the firewall rule that the cluster tutorial talks about. Is > it still required to make the pfsync interface (opt4 on each firewall in my > case) able to pass all traffic? I really don't want that interface have > access to all the other interface networks so is it ok if I set the source > and > destination to "OPT4 net" ? .. what other stuff do I have to do to make the > firewalls sync? Can they sync new carp entries? > > do the synchronize ip and remote system passwords have to be entered on both > machines and correspond to one another or is it only entered on one machine? > > -Matt > >
