Hi, im having issues being able to access the internet when CARP is set up. The way I see it it is more of a Virtual IP issue, not caused by CARP. Here are my firewalls' configurations:
Firewall 1:
WAN interface gateway: x.x.x.105/29 - static ip from ISP
WAN interface: x.x.x.106/29 - static ip from ISP
LAN interface: 192.168.1.5/24
Virtual WAN ip: x.x.x.254/29
Virtual LAN ip: 192.168.1.1/24
Pfsync: 10.0.0.1
Firewall 2:
WAN interface gateway: x.x.x.105/29 - static ip from ISP
WAN interface: x.x.x.107/29 - static ip from ISP
LAN interface: 192.168.1.6/24
Virtual WAN ip: x.x.x.254/29
Virtual LAN ip: 192.168.1.1/24
Pfsync: 10.0.0.2
NAT rule: WAN interface, source LAN net + all other vlan net, NAT address x.x.x.254 which is WAN VIP
With this setup, with my laptop plugged into the LAN port of firewall 1 (I havent set up a switch connecting the LAN ports from both firewalls if this is the issue) I am able to ping 192.168.1.5, the gateway obviously; 192.168.1.1, the LAN VIP; x.x.x.106, the WAN address; and x.x.x.254, the WAN VIP. However, I cannot access the internet while before, (without all the virtual ip and redundant firewall) I am able to.
Please let me know if I have messed up my configuration somehow. This is my first time attempting to setup CARP so any help would be greatly appreciated. Thank you!
Hello
did you manage to solve your problem?
I have the same situation and I still don't understand what the problem could be
Your CARP WAN IP should be in the same /29 subnet as all other addresses, IMHO.
Quote from: Patrick M. Hausen on July 08, 2025, 10:50:42 AMYour CARP WAN IP should be in the same /29 subnet as all other addresses, IMHO.
Of course, this is true, we receive a /29 subnet from the provider that is completely ours.