On 21-9-2011 13:26, David Burgess wrote:
On Wed, Sep 21, 2011 at 5:13 AM, David Brown<da...@westcontrol.com>  wrote:


I have two WAN connections.  One is a symmetric link (10/10), the other is
ADSL (8/1).  I would like to set these up so that the symmetric link is the
main link, with the ADSL as backup.  But http traffic can be balanced
between them.  Can I arrange that?

Yes.

See Routing, Gateway Groups. You can add multiple groups and different fallback tiers.

On one of the WAN connections, I have several IP addresses (a /28 subnet).
  Several services coming in on these IP addresses need to be NAT'ed to
different internal servers, depending on the port and the IP address
targeted.  It is important that replies from the internal servers get
returned from the same IP as originally targeted.  Will that work with
pfSense?

I believe virtual IPs (VIP) would take care of that in pfSense.

Use this together with the 1:1 NAT feature.

I am seriously considering getting two pfSense boxes with CARP failover.
  Does this require identical hardware on the two systems (or perhaps just
identical network card setups)?

I don't think this is a requirement for CARP.

This is not a requirement; however, if the master is gigabit, make sure the backup has gigabit too.

How much information is passed over the
link between the boxes - does it cover all setup, configuration, rules, dhcp
leases, etc.?  How often does this synchronisation take place?

Not sure.

It synchronizes state for traffic failover; the rest is toggle boxes on the virtual IP settings page. Leases are not transferred, static mappings are. You can do DHCP on both nodes with failover; see the DHCP settings page for that.

Am I correct
in thinking that each box needs its own individual IP address on each
network interface (including VLAN interfaces), and they share one or more
CARP aliases?

I believe that's correct.

They need their own IP + the redundant CARP IP, so at least 3. You will need to make manual outbound NAT rules so that all traffic originates from the external CARP address after NAT. This is required for failover.

Regards,

Seth
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
