Yes its driving me mad... if cluster was not a critical production system, I'd do a reset to default over slave
Regards On Tue, Nov 29, 2011 at 5:35 PM, Fuchs, Martin < [email protected]> wrote: > Hmmm, > Weired, why does it not work then ? > Anyone else any ideas ? > > Am 29.11.2011 um 15:54 schrieb "Danny" <[email protected]>: > > Me too > > But I´ve got outbound NAT for both networks to reach internet > > 1xx.2xx.2xx.91/29 -> CARP: 1xx.2xx.2xx.90 > > 10.2xx.2xx.11/24 ---> CARP: 1xx.2xx.2xx.90 > > Regards > > On Mon, Nov 28, 2011 at 8:44 PM, Fuchs, Martin < > [email protected]> wrote: > >> Hi !**** >> >> ** ** >> >> We used in our setup outbound nat -> advanced -> translation address: >> WAN-carp**** >> >> ** ** >> >> Might this help ?**** >> >> ** ** >> >> Regards,**** >> >> ** ** >> >> martin**** >> >> ** ** >> >> *Von:* [email protected] [mailto: >> [email protected]] *Im Auftrag von *Danny >> *Gesendet:* Montag, 28. November 2011 09:24 >> >> *An:* pfSense support and discussion >> *Betreff:* Re: [pfSense] CARP: Promote backup to master/master to backup >> without halting master**** >> >> ** ** >> >> Hi,**** >> >> ** ** >> >> Correct.I have setup CARP for Lan and WAN**** >> >> ** ** >> >> Also setup manual NAT for network 10.2xx.2xx.x/24 to reach internet >> with 1xx.2xx.2xx.90. NAT for 1xx.2xx.2xx.91 to 1xx.2xx.2xx.90 (No XMLRPC >> sync for this) in node 1 and NAT for 1xx.2xx.2xx.92 to 1xx.2xx.2xx.90 (No >> XMLRPC sync for this) in node 2.**** >> >> ** ** >> >> To update packages i always connect to the node IP, not the CARP one**** >> >> ** ** >> >> Thx**** >> >> Best Regards **** >> >> ** ** >> >> On Sun, Nov 27, 2011 at 12:22 AM, Fuchs, Martin < >> [email protected]> wrote:**** >> >> Ok, let‘s see...**** >> >> You have set up CARP-IPs for WAN and LAN ? **** >> >> for example your interfaces could be configured like this: **** >> >> WAN: FW1: 1xx.2xx.2xx.91, FW2: 1xx.2xx.2xx.92, CARP: 1xx.2xx.2xx.90, GW: >> 1xx.2xx.2xx.89**** >> >> LAN: FW1: 10.2xx.2xx.11, FW2: 10.2xx.2xx.12, CARP: 10.2xx.2xx.10**** >> >> **** >> >> You connect to the gui over 10.2xx.2xx.10 or th explicitely choose a >> system .11, .12**** >> >> Now both systems should have correct internet connectivity because it’s >> all routed cleanly…**** >> >> **** >> >> Remember you should have enough external IPs to use CARP for WAN ;-)**** >> >> **** >> >> Regards,**** >> >> **** >> >> martin**** >> >> **** >> >> **** >> >> *Von:* [email protected] [mailto: >> [email protected]] *Im Auftrag von *Danny >> *Gesendet:* Freitag, 25. November 2011 11:48 >> *An:* pfSense support and discussion >> *Betreff:* Re: [pfSense] CARP: Promote backup to master/master to backup >> without halting master**** >> >> **** >> >> I can reach internet from backup only if I halt the master fw >> >> Thank you >> Best Regards >> >> **** >> >> On Fri, Nov 25, 2011 at 11:36 AM, Fuchs, Martin < >> [email protected]> wrote:**** >> >> Sounds like the GW of the backup system is not correct. >> Can the backup reach the internet using ping or else ? >> >> Am 25.11.2011 um 11:05 schrieb "Danny" <[email protected]>:**** >> >> >> > Hi, >> > >> > I´ve got a cluster of pfsense 1.2.3 firewalls, but I´m having troubles >> to install packages on backup firewall. >> > >> > I need to promote backup firewall to master without switching off the >> master (reason is that squid is only in master firewall and cannot halt the >> system to force backup promotion) >> > >> > Would be enough to change in Virtual IPs the Advertising Frequency from >> 0 to 100 in master, and 100 to 0 in backup? >> > >> > In CARP settings for both fw Sync is enabled, but in backup fw >> checkboxes are not checked, preventing surprises.... >> > >> > Thank you >> > Best Regards >> > -- >> > dpc**** >> >> > _______________________________________________ >> > List mailing list >> > [email protected] >> > http://lists.pfsense.org/mailman/listinfo/list >> _______________________________________________ >> List mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/list**** >> >> >> >> >> -- >> dpc**** >> >> >> _______________________________________________ >> List mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/list**** >> >> >> >> **** >> >> ** ** >> >> -- >> dpc**** >> >> _______________________________________________ >> List mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/list >> >> > > > -- > dpc > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > > -- dpc
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
