In pfSense 2.0, I have a bunch of WAN CARP Virtual IPs and a bunch of 1:1 NAT rules defined associating these IPs to LAN subnet hosts.

  • If I set up Port Forwarding rules that forward from CARP IPs that I have already defined in 1:1 to other hosts, which rule takes precedence? 1:1 or Port Forwarding?
  • If I set up a load balancer for web servers and have it listen on a CARP IP that I already have a 1:1 definition for, which one takes precedence?

And on a similar note, can I set up a CARP VIP on the WAN IP defined for pfSense? Does pf really need this IP to operate?

  • For example, if my WAN subnet IP is 8.8.8.8/24, can I set up a CARP for 8.8.8.8 and port forward requests directed to 8.8.8.8 to other hosts?
tacos_tacos_tacos

1 Answer

Read the book. http://pfsense.org/book The ordering is described in detail there and is all applicable to 2.0. In short, port forwards and the server load balancer both win over 1:1.

You can't do CARP on the WAN IP; each WAN must have its own IP and it cannot fail over. Same as HSRP, VRRP, etc.

Chris Buechler