1

I have the following problem, and I cannot find the solution, even after googling and reading the pfSense documentation.

My ISP gave me the following information:

Gateway: 1.2.3.254/32
Public IP: 5.4.3.2/32

If I use this information in my pfSense box, it works without any problem.

Now, I want to have some HA with CARP and multi-WAN. Before doing the whole setup, since this is the first time I am doing it, I want to go step by step, starting with 1 node with 1 WAN IP and testing that it works.

If that works, I will add the second node.

After googling a lot, and reading everything I could on the subject, I have found the following 2 posts, which help me to do what I want to achieve:

So, here is my setup in pfSense:

  • Gateway of my ISP: 1.2.3.254/32
  • pfSense WAN: 192.168.99.1/30
  • CARP VIP WAN: 5.4.3.2/32
  • AON
    • Source: any
    • Source Port : *
    • Destination: 5.4.3.2/32
    • Destination Port: *
    • NAT Address: WAN Address (192.168.99.1)
    • Nat Port: *
    • Static Port: Randomize Source Port

For the gateway, I have tried the following three scenarios:

1) Gateway: 5.4.3.2

2) Gateway: 1.2.3.254

3) Gateway: 5.4.3.2 and static route 5.4.3.2 via gw 1.2.3.254

And I cannot make the whole thing work. I get no connection to the internet.

I use pfSense 2.3.2-RELEASE-p1.

Could you help me? I am stuck now... and don't know what else to do...

2 Answers

1

Just for the sake of completion, and also for me in the future...

Even after doing everything, and even though the answer from SmallLoanOf1M helped me a lot to solve my problem, it wasn't working all the time...

I found out that the problem was that the ARP entry for the gateway wasn't filled. I needed to do an arp -s 1.2.3.254 00:de:ad:be:ef:ff, and after adding it to the boot process to be sure that it was really entered, it now works every time...

So the final setup I have is this one:

Gateway of my ISP: 1.2.3.254/32
pfSense WAN: 192.168.99.1/30
CARP VIP WAN: 5.4.3.2/32
AON
    Source: any
    Source Port : *
    Destination: *
    Destination Port: *
    NAT Address: CARP VIP WAN (5.4.3.2/32)
    Nat Port: *
    Static Port: Randomize Source Port
Add ARP entry for the Gateway (in my case 00:de:ad:be:ef:ff)

God... so many hours/days lost for that :-( At least, now I know! And I hope that could help some of you who have a similar problem to this one.
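A way to check the gateway's ARP state described in this answer, as an added example that is not part of the original post. It assumes FreeBSD-style `arp -an` output and an interface named em0; the sample lines are constructed, and the IP and MAC are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example: classify the ARP table state of the upstream gateway.
# GW_IP / GW_MAC are the values quoted in the answer above.
GW_IP="1.2.3.254"
GW_MAC="00:de:ad:be:ef:ff"

# gw_arp_state IP EXPECTED_MAC
# Reads `arp -an`-style lines on stdin and prints one of:
#   missing    - no entry for IP at all
#   incomplete - entry exists but was never resolved (the failure in the answer)
#   mismatch   - resolved, but to a MAC other than EXPECTED_MAC
#   dynamic    - resolved to EXPECTED_MAC, learned dynamically (can expire)
#   permanent  - static entry with EXPECTED_MAC (what `arp -s` creates)
gw_arp_state() {
    awk -v ip="$1" -v mac="$2" '
        BEGIN { state = "missing" }
        $2 == ("(" ip ")") {
            if ($4 == "(incomplete)")              state = "incomplete"
            else if (tolower($4) != tolower(mac))  state = "mismatch"
            else if ($0 ~ / permanent/)            state = "permanent"
            else                                   state = "dynamic"
        }
        END { print state }
    '
}

# Constructed sample lines (interface name em0 is an assumption).
SAMPLE_OTHER='? (192.168.99.2) at 00:11:22:33:44:55 on em0 expires in 1187 seconds [ethernet]'
SAMPLE_INCOMPLETE='? (1.2.3.254) at (incomplete) on em0 expired [ethernet]'
SAMPLE_MISMATCH='? (1.2.3.254) at 00:11:22:33:44:66 on em0 expires in 900 seconds [ethernet]'
SAMPLE_DYNAMIC='? (1.2.3.254) at 00:DE:AD:BE:EF:FF on em0 expires in 900 seconds [ethernet]'
SAMPLE_STATIC='? (1.2.3.254) at 00:de:ad:be:ef:ff on em0 permanent [ethernet]'

# Show the classification for each constructed case.
for sample in "$SAMPLE_OTHER" "$SAMPLE_INCOMPLETE" "$SAMPLE_MISMATCH" \
              "$SAMPLE_DYNAMIC" "$SAMPLE_STATIC"; do
    printf '%s\n' "$sample" | gw_arp_state "$GW_IP" "$GW_MAC"
done

# On the firewall itself the live table would be checked with:
#   arp -an | gw_arp_state "$GW_IP" "$GW_MAC"
```

Anything other than `permanent` after a reboot means the static entry from the boot process did not take effect.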

0

Your NAT WAN address should be the CARP VIP, not the private IPs you're using for the base WAN interfaces.

In your case, the private addresses on WAN are only so pfSense can access the interfaces. You won't be using those addresses in any configuration aside from the "interfaces" pane and providing them as constituent interfaces for CARP.

Spooler
  • I thought I'd done that too... well, now it works!! I've changed the default GW to the one given by my provider -> 1.2.3.254, and everything was working as expected! I've rebooted the pfSense router, just to be sure it was not a side effect, and everything was correctly set up! – Alessandro Perucchi Nov 17 '16 at 09:48