Date: Tue, 28 Jul 2009 14:31:53 -0700
From: Elliott Barrere <elliott@mywedding.com>
To: freebsd-pf@freebsd.org
Subject: Re: CARP and NAT
Message-ID: <2B0E2B36-CB22-4C8B-B9FF-64D958B20FDA@mywedding.com>
In-Reply-To: <F8BCDF7F-400D-4134-BC62-A7BE16F40C00@mywedding.com>
References: <F8BCDF7F-400D-4134-BC62-A7BE16F40C00@mywedding.com>

Never mind, I sorted out my issue. The carp1 interface had multiple IPs assigned and PF was pulling the last one. Adding a carp_ip variable and changing the NAT statement makes it work:

nat on $cable_if from $lan_net to any -> $carp_ip

This does make me wonder though more generally about when to use the carp interface versus the physical interface in PF. Does anyone know of a guide or a good rule of thumb?

Thanks!

:: elliott barrere :: 206.855.7011 ::

On Jul 28, 2009, at 1:56 PM, Elliott Barrere wrote:

> Hi everyone, please excuse my noobiness.
>
> I have a basic firewall setup with CARP running on the LAN and WAN
> interfaces. CARP and pfsync seem to be functioning properly. The
> problem is I can't seem to figure out how to make pf NAT from the
> internal network to the carp1 interface IP on the outside (packets
> always end up coming from the IP of the physical interface in
> question).
>
> I thought I could do something like:
>
> nat on $carp_if from $lan_net to any -> ($carp_if)
>
> but that doesn't work. Can anyone provide me examples of a setup
> using CARP and NAT? I feel like this should be pretty common...
>
>
> Thanks!
>
> :: elliott barrere :: 206.855.7011 ::