You have to use advanced outbound NAT and the tutorial covers this. Otherwise your connections from your node one will be natted to the REAL IP of the interface, not the CARP VIP. On failover the other machine takes over the communication and uses its REAL IP which causes a change of the public IP and the states are not correct any more. You have to use advanced outbound NAT on both machines.

Quick guide:
- enable advanced outbound
- edit the created rule at the bottom of the page and use as "Translation" your CARP WAN VIP (in case you have OPT subnets copy this rule and edit it to match every internal source network)
- save and apply

Reset states and retry the failover again

Holger

> -----Original Message-----
> From: sai [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 09, 2006 7:53 AM
> To: [email protected]
> Subject: [pfSense Support] Re: carp pfsync - sessions not carried over to slave
>
> Holger,
>
> I don't really understand the question (!), but I am not using
> advanced outbound NAT.
>
> I just followed the tutorial on
> http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm
>
> sai
>
> On 5/6/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
> > Are you using advanced outbound nat to use the shared CARP IP of both nodes
> > and not the real IPs of the machines?
> >
> > Holger
> >
> > > -----Original Message-----
> > > From: sai [mailto:[EMAIL PROTECTED]
> > > Sent: Saturday, May 06, 2006 1:24 PM
> > > To: [email protected]
> > > Subject: [pfSense Support] carp pfsync - sessions not carried over to slave
> > >
> > > I have 2 pfsense-beta-3 machines running with carp/pfsync. I followed
> > > the carp tutorial to setup.
> > >
> > > I have a download running and then I shutdown the left machine (which
> > > is master). The right machine then becomes master and new sessions are
> > > setup ok, but the existing download does not proceed, but just hangs.
> > > Similarly if I ping the gateway this also hangs when the switchover
> > > occurs, but new pings work fine.
> > >
> > > My rules propagate ok from the master to the slave, but not the
> > > sessions. Have I missed something or is this how it works?
> > >
> > > In CARP settings I have the following selected:
> > > Synchronize Enabled
> > > Synchronize rules
> > > Synchronize aliases
> > > Synchronize nat
> > > Synchronize Virtual IPs
> > > Synchronize DNS Forwarder
> > >
> > > sai
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > ____________
> > Virus checked by G DATA AntiVirusKit
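
One way to check the result of the quick guide above on each node, as an added example that is not part of the original thread: it parses outbound NAT rules in the form printed by `pfctl -s nat` and reports any rule on the WAN interface that does not translate to the CARP VIP. The interface name `em0`, the addresses and the sample rules are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `pfctl -s nat` output. Interface name and addresses
# are assumptions (documentation ranges), not values from the thread.
SAMPLE_NAT_RULES = """\
nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535 round-robin
nat on em0 inet from 192.168.2.0/24 to any -> 203.0.113.2 port 1024:65535
nat on em0 inet from 192.168.3.0/24 to any -> 203.0.113.10 port 1024:65535
nat on em1 inet from 192.168.1.0/24 to any -> (em1) port 1024:65535 round-robin
"""

# nat on <if> [inet] from <source> to <dest> -> <translation target> ...
NAT_RE = re.compile(
    r"^nat on (?P<ifname>\S+) .*?from (?P<src>\S+) to .*?-> (?P<target>\S+)"
)


def audit_outbound_nat(rules_text, wan_if, carp_vip):
    """Return (source, target, reason) for every NAT rule on wan_if whose
    translation address is not the CARP VIP."""
    vip = ipaddress.ip_address(carp_vip)
    findings = []
    for line in rules_text.splitlines():
        m = NAT_RE.match(line.strip())
        if m is None or m.group("ifname") != wan_if:
            continue  # not a NAT rule, or a rule for another interface
        target = m.group("target")
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # "(em0)" or a bare interface name: pf uses the node's own address.
            reason = "translates to the interface address, which differs per node"
        else:
            if addr == vip:
                continue  # both nodes present the same public IP after failover
            reason = "translates to a fixed address that is not the CARP VIP"
        findings.append((m.group("src"), target, reason))
    return findings


if __name__ == "__main__":
    for src, target, reason in audit_outbound_nat(SAMPLE_NAT_RULES, "em0", "203.0.113.10"):
        print(f"{src} -> {target}: {reason}")
```

An empty result on both machines means every internal source network leaves through the shared address, which is the condition the reply describes for existing states to stay valid after failover.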
