Messages - fsidler

#1
High availability / Re: NAT with CARP not working
August 28, 2025, 01:16:55 PM
Ah, thanks for the hint.

However, it still doesn't work! Here's my setup:
# pfctl -s nat | grep vlan0.250
nat on vlan0.250 inet from (vlan0.250:network) to any -> 1.2.3.4 port 1024:65535
# ifconfig vlan0.250
vlan0.250: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: management (opt13)
        options=4000000<MEXTPG>
        ether 00:22:4d:84:77:29
        inet 10.89.250.3 netmask 0xffffff00 broadcast 10.89.250.255
        inet 10.89.250.1 netmask 0xffffff00 broadcast 10.89.250.255 vhid 250
        groups: vlan
        carp: MASTER vhid 250 advbase 1 advskew 0
              peer 224.0.0.18 peer6 ff02::12
        vlan: 250 vlanproto: 802.1q vlanpcp: 0 parent interface: em1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
# tcpdump -i vlan0.250 -c 2 host 8.8.8.8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vlan0.250, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:08:00.024830 IP 10.89.250.42 > dns.google: ICMP echo request, id 2845, seq 1, length 64
13:08:00.027434 IP dns.google > 10.89.250.42: ICMP echo reply, id 2845, seq 1, length 64
2 packets captured
30 packets received by filter
0 packets dropped by kernel

This is fine so far, but the address is not masqueraded:
# tcpdump -i em0 -c 2 host 8.8.8.8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on em0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:08:26.491733 IP 10.89.250.42 > dns.google: ICMP echo request, id 2846, seq 1, length 64
13:08:26.494192 IP dns.google > 10.89.250.42: ICMP echo reply, id 2846, seq 1, length 64
2 packets captured
335 packets received by filter
0 packets dropped by kernel

How can I make this work?
#2
High availability / Re: NAT with CARP not working
August 28, 2025, 08:10:20 AM
Ok, probably found the source of the issue:
# pfctl -s nat | grep carp
no nat proto carp all
no rdr proto carp all
  • How can I (persistently) remove these PF rules?
  • What is the reason to add these by default in the first place?

Greetings,
Fabiano
#3
High availability / NAT with CARP not working
August 25, 2025, 04:28:00 PM
Hi folks!

I'm trying to NAT with CARP addresses, but it doesn't work. I have the following configuration:

Interfaces / Devices / VLAN
  Device         vlan0.250 [management]
  Parent         em1 (aa:bb:cc:dd:ee:ff) [LAN]
  VLAN tag       250
  VLAN priority  Best Effort (0, default)
  Description    mgmt
Interfaces / Assignments
  Interface   [management]
  Identifier  opt13
  Device      vlan0.250 mgmt (Parent: em1, Tag: 250)
Interfaces / [management]
  Basic configuration
    Enable                   Enable Interface
    Description              management
  Generic configuration
    IPv4 Configuration Type  Static IPv4
  Static IPv4 configuration
    IPv4 address             10.89.250.2 / 24
Interfaces / Virtual IPs / Settings
  Network / Address  10.89.250.1 / 24
  VHID Group         250 (freq. 1/0)
  Interface          management
  Mode               CARP
Firewall / NAT / Outbound
  Mode
    Manual outbound NAT rule generation (no automatic rules are being generated)
  Manual rules
    Interface         management
    Source            management net
    Source Port       *
    Destination       *
    Destination Port  *
    NAT Address       some public IP
    NAT Port          *
    Static Port       No
However, the address from the 10.89.250/24 doesn't get masqueraded, as I can see using tcpdump. What am I doing wrong or missing?

Greetings,
Fabiano
#4
High availability / Re: Cannot configure CARP on VLANs
August 11, 2025, 01:36:18 PM
PEBKAC.
Still had to create an assignment under Interfaces / Assignments for each entry created under Interfaces / Devices / VLAN.
Problem solved!
#5
High availability / Cannot configure CARP on VLANs
August 11, 2025, 11:34:25 AM
Hi folks!

I'm trying to set up CARP on VLANs. However, when I try to add a CARP under Interfaces / Virtual IPs / Settings, none of the VLANs is available in the "Interface" combobox of the "Edit Virtual IP" dialog. Did I do something wrong or is CARP not supposed to be used on VLANs at all? A clarification in the corresponding help popup would then be great.

Greetings,
Fabiano