Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Multiple public IP aliases on CARP/HA WAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Multiple public IP aliases on CARP/HA WAN (Read 4599 times)
j2b
Newbie
Posts: 1
Karma: 0
Multiple public IP aliases on CARP/HA WAN
«
on:
May 26, 2017, 10:04:09 pm »
Planning to move to HA solution with 2 firewalls (virtual) using CARP and sync.
# Currently (works & all ok):
- WAN interface has dedicated public IP
- Virtual IP aliases registered on WAN interface
- NATing and filters
# Issue with HA solution.
For HA to work, WAN interfaces have to use 3 public IPs. 2x dedicated on each box WAN interface, and VIP/CARP IP.
So far clear. But I have to register additional public IP aliases on firewall WAN side further to be NATed. I utilize several public subnets too.
Q:
- Can I register additional WAN interface IP aliases as single entry, and they will be serviced (synced/moved) appropriately? (I'm in doubt, as due to sync, such IP alias would appear on both nodes, and would make IP conflict on WAN network segment.)
...or...
- Should I use the same principle as above - use 3 IPs (aliases in addition to main FW node IP addressing), where 2x are assigned as alias to WAN interface on each corresponding node, and use 3rd IP alias (registered as CARP) for HA?
The latter would significantly increase used IP space, which I'd like to avoid.
Or, in other words, how to add additional IP aliases to WAN side of HA FW cluster?
Would appreciate your thoughts or experience, if any.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Multiple public IP aliases on CARP/HA WAN
«
Reply #1 on:
May 31, 2017, 10:59:34 am »
Let's say you have a /28, 212.11.11.0/28.
FW1: 212.11.11.11
FW2: 212.11.11.12
Your CARP IP: 212.11.11.1
If you want to add more HA IPs, e.g. bind to HAProxy of do some NAT you just need additional CARP IPs but with new groups. So new CARP IP, 212.11.11.2 ... no need for a new triple.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Multiple public IP aliases on CARP/HA WAN