OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: c-mu on March 15, 2020, 12:24:18 pm

Title: HA Setup with multiple Public IP's - routing Problem
Post by: c-mu on March 15, 2020, 12:24:18 pm
Hi,
I've got a few public IPs and configured them like this:

HA-Master: x.x.x.103
HA-Slave: x.x.x.250

All other IPs as CARP. IP Alias with VHID didn't work for me.

So my question now is about: I've got a few port forwards for the x.x.x.250 IP. But as long as my Master is... the master.. all requests are first going to my HA-Slave, because it is the public IP of the slave, and my service behind the .250 wants to answer via the default gateway, which is my Master - you see the problem? A valid connection can't be established. Is there a routing trick that I didn't see so far?

Is it possible to set the .250 as another CARP address, even though this is the public IP of the slave? My thought is that the Master will then receive the .250 requests.

Thank you!
Title: Re: HA Setup with multiple Public IP's - routing Problem
Post by: banym on March 15, 2020, 02:38:40 pm
Hi,

if you have configured the IP for Slave and Master fixed to the interfaces, they are NOT part of HA-Sync.
Only CARP addresses are synchronized, and the port forward will work after takeover.

The fixed addresses should only be used for direct access to each box, not for services or port forwards.

That means each box has a fixed WAN address not part of the HA setup, and in most cases each box has a fixed LAN address. Same here for LAN addresses, they are not part of the HA setup.

More detailed information:
https://wiki.opnsense.org/manual/how-tos/carp.html
Title: Re: HA Setup with multiple Public IP's - routing Problem
Post by: c-mu on March 15, 2020, 04:05:43 pm
So in other words I should set a private address on the outside interface and all public addresses as CARP?
Title: Re: HA Setup with multiple Public IP's - routing Problem
Post by: banym on March 15, 2020, 04:58:21 pm
No, I think you lose two public addresses for the two firewalls, and the rest of the public IPs you can use as CARP.