For a CARP setup the real IPs shouldn't be used for anything other than the firewall itself (as these can't fail over), so you should use the CARP VIPs for both port forwardings and outbound NAT.

Holger

-----Original Message-----
From: Alastair Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 19, 2006 10:21 AM
To: [email protected]
Subject: [pfSense Support] NAT/port forward not coping with CARP?

Hi again - we've reached what should hopefully be the final hurdle before getting our new dual pfSense boxes into service. This time it's NAT/port forwarding. We had a few simple rules set up on the old system, which obviously work fine. On the new systems, we're not quite getting through.

I have duplicated the list of NAT rules, so that there are similar rules for *both* public WAN addresses, and I've added the necessary firewall rules of course. On testing this, I can see the connection in the logs, being passed by the firewall and sent to the correct internal destination. But we're not actually getting any response from the target host.

One question - should the external IPs be set to the *real* IP of the WAN/WAN2 interface, or the *virtual* IPs, as used for the outbound NAT? It doesn't seem possible to choose the virtuals in the GUI, but it works when hacking the config file directly.

Any ideas on diagnosing this one, and discovering at what point the incoming connection is 'stopping'?

Cheers
Alastair

SysAdmins Ltd
Cambridge, UK
