If the port forwards are on the WAN addresses themselves, to my knowledge they will not fail over. My understanding is that all "addresses" (and port forwards) that you intend to survive a failover must be on CARP addresses.
Dimitri Rodis Integrita Systems LLC -----Original Message----- From: Justin The Cynical [mailto:[email protected]] Sent: Sunday, May 30, 2010 10:56 PM To: [email protected] Subject: [pfSense Support] CARP and NAT problems Greetings. I finally set up a failover box for CARP. And so far, everything seems to be working fine, with one minor detail. WAN IP range: .65 - .96 .66 - .68 are setup as CARP .65 and .69 are the WAN interfaces Port forwards on .65 and .69 The problem: When this was a single machine, I had port forwards set up on all the IP's, and everything was peachy. However, now with multiple machines, the port forwards on the WAN interfaces will work, depending on the machine that is active. Take a port forward from .65 to internal address (master) Take a port forward from .69 to internal address (backup) The port forward to .65 works, but the .69 does not. If the machines failover (.69 becomes the active machine), the forward for .69 works, but the .65 does not. When .65 comes back up as the active box, the forward on .69 stops working. And since I don't have the WAN addresses as a VIP, this also breaks AON for the mentioned IP's. Last time I looked, I was told that the WAN addresses were useable for IB/OB NAT, but it appears this is not the case, or I'm missing something. Any suggestions on where to look or any words of wisdom? Thank you, Justin --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
smime.p7s
Description: S/MIME cryptographic signature
