Unable to access internet after CARP HA configuration, but NAT working.

[469]

Hi, im having issues being able to access the internet when CARP is set up. The way I see it it is more of a Virtual IP issue, not caused by CARP. Here are my firewalls' configurations:

Firewall 1:
WAN interface gateway: x.x.x.105/29 - static ip from ISP
WAN interface: x.x.x.106/29 - static ip from ISP
LAN interface: 192.168.1.5/24
Virtual WAN ip: x.x.x.254/29
Virtual LAN ip: 192.168.1.1/24
Pfsync: 10.0.0.1

Firewall 2:
WAN interface gateway: x.x.x.105/29 - static ip from ISP
WAN interface: x.x.x.107/29 - static ip from ISP
LAN interface: 192.168.1.6/24
Virtual WAN ip: x.x.x.254/29
Virtual LAN ip: 192.168.1.1/24
Pfsync: 10.0.0.2

NAT rule: WAN interface, source LAN net + all other vlan net, NAT address x.x.x.254 which is WAN VIP

With this setup, with my laptop plugged into the LAN port of firewall 1 (I havent set up a switch connecting the LAN ports from both firewalls if this is the issue) I am able to ping 192.168.1.5, the gateway obviously; 192.168.1.1, the LAN VIP; x.x.x.106, the WAN address; and x.x.x.254, the WAN VIP. However, I cannot access the internet while before, (without all the virtual ip and redundant firewall) I am able to.
Please let me know if I have messed up my configuration somehow. This is my first time attempting to setup CARP so any help would be greatly appreciated. Thank you!

[byDoks]

Hello

did you manage to solve your problem?
I have the same situation and I still don't understand what the problem could be

[Patrick M. Hausen]

Your CARP WAN IP should be in the same /29 subnet as all other addresses, IMHO.

[byDoks]

Your CARP WAN IP should be in the same /29 subnet as all other addresses, IMHO.

Of course, this is true, we receive a /29 subnet from the provider that is completely ours.