[pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
Greetings. Have a newbie question on carp and fail over setup. I have searched and searched around, but my googlefu must be weak as most of what I've found covers multi-WAN and load balancing, which is not what I'm after. I have looked at the following: http://files.chi.pfsense.org/mirror/tutorials/carp/carp-cluster-new.htm Out of date http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP) Has a lot of info, but doesn't answer all my questions and concerns I'm on a comcast business account, five statics using AON. All five statics have traffic coming from them (DNS, mail, etc). At this time, I have four of the five WAN IP's set up as proxy ARP, with the fifth address assigned to the physical interface itself. If I understand what docs I can find on this, I have to assign the pri and fail over boxes their own IP, both public and private, with one assigned as the default address. To set this up, I have to assign all five WAN addresses as CARP addresses, yes? So instead of four proxy ARP addresses, I will have five CARP Virtual IP addresses defined, am I understanding this correctly? And this will not affect the AON and inbound port forwarding rules, correct? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
Justin The Cynical wrote: I'm on a comcast business account, five statics using AON. All five statics have traffic coming from them (DNS, mail, etc). At this time, I have four of the five WAN IP's set up as proxy ARP, with the fifth address assigned to the physical interface itself. If I understand what docs I can find on this, I have to assign the pri and fail over boxes their own IP, both public and private, with one assigned as the default address. To set this up, I have to assign all five WAN addresses as CARP addresses, yes? So instead of four proxy ARP addresses, I will have five CARP Virtual IP addresses defined, am I understanding this correctly? And this will not affect the AON and inbound port forwarding rules, correct? I do not know what comcast business account is but two boxes must have their own IPs (not virtual one per box) + as many CARP addresses as you wish (shared between boxes). In all your AON and inbound port forwarding rules you can use CARP addresses, they will be handled by active box. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
On Thu, Aug 27, 2009 at 10:17 PM, Justin The Cynicalcyni...@penguinness.org wrote: Evgeny Yurchenko wrote: I do not know what comcast business account is but two boxes must have Option for statics, no ports blocked. their own IPs (not virtual one per box) + as many CARP addresses as you wish (shared between boxes). In all your AON and inbound port forwarding rules you can use CARP addresses, they will be handled by active box. Right, but what about the addresses assigned to the physical boxes? Example: IP's of 10.0.0.1 through 10.0.0.5 Physical machines assigned 10.0.0.1 and 10.0.0.5 Addresses 10.0.0.2,3, and 4 will be added as CARP addresses, but what about 1 and 5, are they entered in as CARP address as well? No, those are interface addresses. Each firewall has an interface address, plus the CARP IPs that you can use for redundant services. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
Don't forget to reset your cable modem after changing this. Even the business modem has a way of retaining MAC addresses. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
On Fri, Aug 28, 2009 at 12:16 AM, Justin The Cynicalcyni...@penguinness.org wrote: Evgeny Yurchenko wrote: Justin The Cynical wrote: So working with the previous example, assume that the single router is using .1 with AON directing traffic out via all the available IP's. If I was to implement a fail over and put a machine on .5, would I still be able to use that address for AON, and if so, does the other install handle the traffic that would be sent out over the failed box, or are the only usable IP's the CARP addresses? To get HA you have to use only CARP addresses in AON (the same is true for portforwarding and 1:1 NAT) Well shoot, that kills off implementing a fail over for me as I make use of all the IP's. You can still use all the IPs, but the two that are tied to the individual firewalls will only function when that firewall is up. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question for CARP, failover, AON and multiple WAN IP's
Chris Buechler wrote: On Fri, Aug 28, 2009 at 12:16 AM, Justin The Cynicalcyni...@penguinness.org wrote: *snip* Well shoot, that kills off implementing a fail over for me as I make use of all the IP's. You can still use all the IPs, but the two that are tied to the individual firewalls will only function when that firewall is up. Which sort of defeats part of the idea behind a fail over for me. *thinks* However, putting the boxes on the IP's that the DNS servers use would allow for functionality of the domain if one box was down. Or I could try using private IP addresses on the WAN interfaces and CARP everything (not that I would expect that to work). Will have to think on this, thank you again for the information, this is info that I wasn't able to find on any of the available docs. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Newbie question - redirect nat.
Hi, I didn't find on the wiki the answer to my problem. I tried to add a simple redirect rule using all the NAT submenus, but I'm still lost. I want to: All incoming traffic (from inside my network) to a certain host A to be redirect to another host on my network, say host B. Both hosts are inside my network A service that was previously running on one machine needs to run on another machine, so I need the redirect to be transparent to users, since it's temporary. thanks in advance = -- Powered by Outblaze - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Newbie question - redirect nat.
As you said both Hosts A and B are on your local network...do you think the local request from any of these two will hit the gateway? If you want to keep it transparent then swap the IPs of Host A and Host BDont involve Pfsense in it..! Regards Abdulrehman On Mon, Mar 2, 2009 at 7:44 PM, k bah k...@linuxmail.org wrote: Hi, I didn't find on the wiki the answer to my problem. I tried to add a simple redirect rule using all the NAT submenus, but I'm still lost. I want to: All incoming traffic (from inside my network) to a certain host A to be redirect to another host on my network, say host B. Both hosts are inside my network A service that was previously running on one machine needs to run on another machine, so I need the redirect to be transparent to users, since it's temporary. thanks in advance = -- Powered by Outblaze - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] newbie question
Is there a way to display current time/date on the dashboard? Sam - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] newbie question
I have a Dell PC(GX110 w/ 2 3com ethernet cards - on board NIC is disabled) that I have loaded with RC3. I have tried using the live CD and loading the hard drive. Both interfaces are up and connected to other PC's to create a test network. I have assigned the lan to xl0 and tried to DHCP an address from a PC on the lan side. So far I have not been able to DHCP an ip from the PFSense box or ping the PFSense lan interface(hard code an IP - 192.168.1.100/24 on the client PC). I can not get the web interface to come up in the client browser either. The only thing that makes me think that something is wrong with the install is that the PFSense installs keeps saying that interface SIS0 does not exist. I've also looked at the config.xml and it seems to be ok(default) on the lan settings. Any ideas on what I should do next? Thanks Richard www.bizsyscon.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] newbie question
You need crossovercables when not using a switch. Holger -Original Message- From: Richard Davis [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 11:39 PM To: support@pfsense.com Subject: [pfSense Support] newbie question I have a Dell PC(GX110 w/ 2 3com ethernet cards - on board NIC is disabled) that I have loaded with RC3. I have tried using the live CD and loading the hard drive. Both interfaces are up and connected to other PC's to create a test network. I have assigned the lan to xl0 and tried to DHCP an address from a PC on the lan side. So far I have not been able to DHCP an ip from the PFSense box or ping the PFSense lan interface(hard code an IP - 192.168.1.100/24 on the client PC). I can not get the web interface to come up in the client browser either. The only thing that makes me think that something is wrong with the install is that the PFSense installs keeps saying that interface SIS0 does not exist. I've also looked at the config.xml and it seems to be ok(default) on the lan settings. Any ideas on what I should do next? Thanks Richard www.bizsyscon.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] newbie question
I have cross over cables and lights on both ends. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 5:13 PM To: support@pfsense.com Subject: RE: [pfSense Support] newbie question You need crossovercables when not using a switch. Holger -Original Message- From: Richard Davis [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 11:39 PM To: support@pfsense.com Subject: [pfSense Support] newbie question I have a Dell PC(GX110 w/ 2 3com ethernet cards - on board NIC is disabled) that I have loaded with RC3. I have tried using the live CD and loading the hard drive. Both interfaces are up and connected to other PC's to create a test network. I have assigned the lan to xl0 and tried to DHCP an address from a PC on the lan side. So far I have not been able to DHCP an ip from the PFSense box or ping the PFSense lan interface(hard code an IP - 192.168.1.100/24 on the client PC). I can not get the web interface to come up in the client browser either. The only thing that makes me think that something is wrong with the install is that the PFSense installs keeps saying that interface SIS0 does not exist. I've also looked at the config.xml and it seems to be ok(default) on the lan settings. Any ideas on what I should do next? Thanks Richard www.bizsyscon.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] newbie question
Did you assign interfaces correctly as it is complaining about sis0? Holger -Original Message- From: Richard Davis [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 03, 2006 12:19 AM To: support@pfsense.com Subject: RE: [pfSense Support] newbie question I have cross over cables and lights on both ends. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 5:13 PM To: support@pfsense.com Subject: RE: [pfSense Support] newbie question You need crossovercables when not using a switch. Holger -Original Message- From: Richard Davis [mailto:[EMAIL PROTECTED] Sent: Monday, October 02, 2006 11:39 PM To: support@pfsense.com Subject: [pfSense Support] newbie question I have a Dell PC(GX110 w/ 2 3com ethernet cards - on board NIC is disabled) that I have loaded with RC3. I have tried using the live CD and loading the hard drive. Both interfaces are up and connected to other PC's to create a test network. I have assigned the lan to xl0 and tried to DHCP an address from a PC on the lan side. So far I have not been able to DHCP an ip from the PFSense box or ping the PFSense lan interface(hard code an IP - 192.168.1.100/24 on the client PC). I can not get the web interface to come up in the client browser either. The only thing that makes me think that something is wrong with the install is that the PFSense installs keeps saying that interface SIS0 does not exist. I've also looked at the config.xml and it seems to be ok(default) on the lan settings. Any ideas on what I should do next? Thanks Richard www.bizsyscon.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]