OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Which outbound IP address in a CARP setup?
« previous next »
  • Print
Pages: [1]

Author Topic: Which outbound IP address in a CARP setup?  (Read 1053 times)

pmhausen

  • Hero Member
  • *****
  • Posts: 2795
  • Karma: 251
    • View Profile
Which outbound IP address in a CARP setup?
« on: April 06, 2021, 09:42:32 am »
Hi all,

I will implement my first HA setup this week. With a pair of firewalls and CARP active, which IP address will OPNsense use for outbound connections to WAN/default? The individual firewall's address or the CARP one?

Important for mail, SPF records, etc.

Thanks!
Patrick
Logged
Supermicro A2SDi-4C-HLN4F mainboard and SC101F chassis
16 GB ECC memory
Crucial MX300 275 GB SATA 2.5" plus
Crucial MX300 275 GB SATA M.2 (ZFS mirror)
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Cerberus

  • Newbie
  • *
  • Posts: 48
  • Karma: 2
    • View Profile
Re: Which outbound IP address in a CARP setup?
« Reply #1 on: April 06, 2021, 10:47:23 am »
I just put a HA setup in production two weeks ago.

The Firewall itself uses its own IP, internal IPv4 traffic behind the firewall should use outbound nat and the CARP address, same goes for IPSEC and other stuff that you want in HA.
Logged

pmhausen

  • Hero Member
  • *****
  • Posts: 2795
  • Karma: 251
    • View Profile
Re: Which outbound IP address in a CARP setup?
« Reply #2 on: April 06, 2021, 11:41:45 am »
Thanks. That means the only special case will probably be the postfix for outgoing email.
Logged
Supermicro A2SDi-4C-HLN4F mainboard and SC101F chassis
16 GB ECC memory
Crucial MX300 275 GB SATA 2.5" plus
Crucial MX300 275 GB SATA M.2 (ZFS mirror)
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

mimugmail

  • Hero Member
  • *****
  • Posts: 6344
  • Karma: 437
    • View Profile
Re: Which outbound IP address in a CARP setup?
« Reply #3 on: April 06, 2021, 09:07:46 pm »
Try setting SMTP Client address to LAN, then you can Nat to HA IP in WAN
Logged
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • Which outbound IP address in a CARP setup?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2