Hi ! We used in our setup outbound nat -> advanced -> translation address: WAN-carp
Might this help ? Regards, martin Von: [email protected] [mailto:[email protected]] Im Auftrag von Danny Gesendet: Montag, 28. November 2011 09:24 An: pfSense support and discussion Betreff: Re: [pfSense] CARP: Promote backup to master/master to backup without halting master Hi, Correct.I have setup CARP for Lan and WAN Also setup manual NAT for network 10.2xx.2xx.x/24 to reach internet with 1xx.2xx.2xx.90. NAT for 1xx.2xx.2xx.91 to 1xx.2xx.2xx.90 (No XMLRPC sync for this) in node 1 and NAT for 1xx.2xx.2xx.92 to 1xx.2xx.2xx.90 (No XMLRPC sync for this) in node 2. To update packages i always connect to the node IP, not the CARP one Thx Best Regards On Sun, Nov 27, 2011 at 12:22 AM, Fuchs, Martin <[email protected]<mailto:[email protected]>> wrote: Ok, let's see... You have set up CARP-IPs for WAN and LAN ? for example your interfaces could be configured like this: WAN: FW1: 1xx.2xx.2xx.91, FW2: 1xx.2xx.2xx.92, CARP: 1xx.2xx.2xx.90, GW: 1xx.2xx.2xx.89 LAN: FW1: 10.2xx.2xx.11, FW2: 10.2xx.2xx.12, CARP: 10.2xx.2xx.10 You connect to the gui over 10.2xx.2xx.10 or th explicitely choose a system .11, .12 Now both systems should have correct internet connectivity because it's all routed cleanly... Remember you should have enough external IPs to use CARP for WAN ;-) Regards, martin Von: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] Im Auftrag von Danny Gesendet: Freitag, 25. November 2011 11:48 An: pfSense support and discussion Betreff: Re: [pfSense] CARP: Promote backup to master/master to backup without halting master I can reach internet from backup only if I halt the master fw Thank you Best Regards On Fri, Nov 25, 2011 at 11:36 AM, Fuchs, Martin <[email protected]<mailto:[email protected]>> wrote: Sounds like the GW of the backup system is not correct. Can the backup reach the internet using ping or else ? Am 25.11.2011 um 11:05 schrieb "Danny" <[email protected]<mailto:[email protected]>>: > Hi, > > I´ve got a cluster of pfsense 1.2.3 firewalls, but I´m having troubles to > install packages on backup firewall. > > I need to promote backup firewall to master without switching off the master > (reason is that squid is only in master firewall and cannot halt the system > to force backup promotion) > > Would be enough to change in Virtual IPs the Advertising Frequency from 0 to > 100 in master, and 100 to 0 in backup? > > In CARP settings for both fw Sync is enabled, but in backup fw checkboxes are > not checked, preventing surprises.... > > Thank you > Best Regards > -- > dpc > _______________________________________________ > List mailing list > [email protected]<mailto:[email protected]> > http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected]<mailto:[email protected]> http://lists.pfsense.org/mailman/listinfo/list -- dpc _______________________________________________ List mailing list [email protected]<mailto:[email protected]> http://lists.pfsense.org/mailman/listinfo/list -- dpc
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
