High availability / Link-net with CARP and HA
« on: September 12, 2023, 01:40:29 pm »
Well, I'm new here. I guess this has been asked before, but I cannot find it.
I have a /25 net that is delivered to me via a "LINK Net" on 2 connections, so I have 2 machines set up like:
port1 to ISP with IP z.z.z.2 with CARP to z.z.z.1, port2 to our WAN switch with IP x.x.x.2 and CARP to x.x.x.1
(and a 2nd OPNsense with port1 to ISP with IP z.z.z.3 with CARP to z.z.z.1 and port2 to our WAN switch with IP x.x.x.3 and CARP to x.x.x.1)
so this link net is a small /29 just to handle the link.
Thing is, I seem not to be able to pass any traffic EXCEPT pings to my WAN net.
If I check the firewall logs I see the default deny rule triggers on my traffic, but even if I set rules on all ports to allow all, it is refused.
So what more do I need to do to allow traffic to pass through, NOT NATed, between those 2 ethernet ports?
Any good tutorial to handle this?
SO YES, there are public IPs on both sides.
(If possible, having a 3rd network with NAT for management would be a plus.)
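As an added example for this thread (not code from the original post or from the OPNsense project): a small parser that summarises OPNsense filterlog records by interface, direction, protocol and destination port. That is the check to run when "the default deny rule triggers": it tells you on which physical port and in which direction the blocks are actually logged, and whether only TCP/UDP is affected while ICMP passes. It assumes the pf filterlog CSV layout described in the docstring, uses placeholder interface names vtnet0/vtnet1, and runs over constructed sample lines with RFC 5737 addresses.

```python
"""Summarise pf filterlog records from an OPNsense box by interface, direction,
protocol and destination port, so you can see exactly where a "block" (such as
the default deny) is firing instead of guessing from the GUI live view.

Added example for this thread; it is not code from the original post or from
the OPNsense project. ASSUMPTION: the record layout is the FreeBSD pf
filterlog CSV as OPNsense writes it (rulenr,subrulenr,anchor,rid,interface,
reason,action,direction,ipversion, then the IPv4 or IPv6 header fields, then
the protocol fields). The sample lines are constructed for this example with
RFC 5737 addresses; interface names vtnet0/vtnet1 are placeholders.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class FilterEvent:
    rule_id: str       # pf rule label (rid) as logged
    interface: str     # physical interface, e.g. vtnet1
    action: str        # "pass" or "block"
    direction: str     # "in" or "out", relative to the firewall
    proto: str         # "tcp", "udp", "icmp", "carp", ...
    src: str
    dst: str
    src_port: Optional[int]
    dst_port: Optional[int]


def _port(field: str) -> Optional[int]:
    return int(field) if field.isdigit() else None


def parse_filterlog(line: str) -> Optional[FilterEvent]:
    """Parse one filterlog record, with or without its RFC 5424 syslog header.

    Returns None for lines that are not filterlog records (or are truncated).
    """
    # A syslog-prefixed record looks like '<pri>1 ts host filterlog pid - [meta ...] CSV';
    # the CSV payload starts after the structured-data block, if one is present.
    payload = line.rsplit("] ", 1)[-1].strip()
    f = payload.split(",")
    if len(f) < 9 or not f[0].isdigit():
        return None
    rule_id, iface, action, direction, ipver = f[3], f[4], f[6], f[7], f[8]
    if ipver == "4" and len(f) >= 20:
        # IPv4: tos,ecn,ttl,id,offset,flags,protonum,protoname,length,src,dst
        proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    elif ipver == "6" and len(f) >= 17:
        # IPv6: class,flowlabel,hoplimit,protoname,protonum,length,src,dst
        proto, src, dst, rest = f[12], f[15], f[16], f[17:]
    else:
        return None
    src_port = dst_port = None
    if proto in ("tcp", "udp") and len(rest) >= 2:
        src_port, dst_port = _port(rest[0]), _port(rest[1])
    return FilterEvent(rule_id, iface, action, direction, proto, src, dst, src_port, dst_port)


FlowKey = Tuple[str, str, str, Optional[int]]


def summarise_blocks(lines: Iterable[str]) -> Counter:
    """Count blocked flows per (interface, direction, proto, dst_port)."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_filterlog(line)
        if ev is not None and ev.action == "block":
            counts[(ev.interface, ev.direction, ev.proto, ev.dst_port)] += 1
    return counts


def report(counts: Counter) -> List[str]:
    """Render the summary, busiest flows first, as printable lines."""
    return [f"{n:5d}  {iface:8s} {direction:3s} {proto:5s} dport={dport}"
            for (iface, direction, proto, dport), n in counts.most_common()]


# Constructed sample (not real logs): host 203.0.113.10 on the routed /25 side
# has its TCP and UDP blocked inbound on the inside port (vtnet1) while its
# ICMP passes, and an SSH attempt from the ISP side is blocked on vtnet0.
SAMPLE_LOG = [
    "91,,,deadbeefdeadbeefdeadbeefdeadbeef,vtnet1,match,block,in,4,0x0,,64,30199,0,DF,6,tcp,60,"
    "203.0.113.10,198.51.100.20,51234,443,0,S,1234567890,,64240,,mss;sackOK;TS;nop;wscale",
    "91,,,deadbeefdeadbeefdeadbeefdeadbeef,vtnet1,match,block,in,4,0x0,,64,30200,0,DF,6,tcp,60,"
    "203.0.113.10,198.51.100.20,51234,443,0,S,1234567890,,64240,,mss;sackOK;TS;nop;wscale",
    "5,,,cafef00dcafef00dcafef00dcafef00d,vtnet1,match,pass,in,4,0x0,,64,30201,0,none,1,icmp,84,"
    "203.0.113.10,198.51.100.20,request,4711,1",
    '<134>1 2023-09-12T13:40:29+02:00 fw1 filterlog 71234 - [meta sequenceId="7"] '
    "91,,,deadbeefdeadbeefdeadbeefdeadbeef,vtnet1,match,block,in,4,0x0,,64,30202,0,DF,17,udp,76,"
    "203.0.113.10,198.51.100.53,40123,53,48",
    "91,,,deadbeefdeadbeefdeadbeefdeadbeef,vtnet0,match,block,in,4,0x0,,52,9,0,DF,6,tcp,60,"
    "198.51.100.77,203.0.113.10,60022,22,0,S,99,,65535,,mss",
    "this line is not a filterlog record",
]

if __name__ == "__main__":
    for row in report(summarise_blocks(SAMPLE_LOG)):
        print(row)
```

Replace SAMPLE_LOG with records exported from the firewall's filter log and the summary shows whether the drops are logged on the ISP-facing port or the WAN-switch port, inbound or outbound, and for which protocols; a block that appears only for TCP/UDP while ICMP passes narrows the search to the rules and states on that one interface and direction.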