From: Matthew Grooms
To: freebsd-net@freebsd.org
Subject: Re: CARP and NAT question
Date: Tue, 8 Oct 2019 10:20:34 -0500

Hi Julien,

It's not clear why you are trying to assign multiple carp IP addresses to
two different interfaces from within the same IP subnet. Are you trying
to fail over a 2nd carp address or are you trying to improve
throughput/redundancy?

If you just want to fail over a 2nd carp address, assign a 2nd alias to
your first interface. If you're trying to improve throughput/redundancy,
assign both interfaces to a lagg and build your carp interfaces on top of
that instead.

-Matthew

On 10/8/2019 8:48 AM, Julien Cigar wrote:
> Hello,
>
> I'd like to NAT outbound traffic from two different private networks
> through two different interfaces, with CARP on top. I have 4 public IPs
> available (193.x.x.89, 193.x.x.90, 193.x.x.91, 193.x.x.92).
>
> I have two redundant routers/firewalls running FreeBSD 12 with CARP and
> PF with the following: (1) which works well, but all traffic
> goes through the same interface.
>
> So I'd like to switch to something like (2), which will not work (lines
> 5 and 13 are not valid) and I'm wondering if I could use something like
> (3) ..?
>
> Thank you!
> Julien
>
> (1) https://gist.github.com/silenius/4f6173a9b6690292c2174ab3bb89d292
> (2) https://gist.github.com/silenius/da9be7e74e9861fa55f927d194e3e410
> (3) https://gist.github.com/silenius/b237565b0d181248ff80ea296e5537db
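
The two layouts suggested in the reply above, sketched as an /etc/rc.conf fragment. This is an added example, not configuration from the thread or from the linked gists. The interface names (em0, em1, lagg0), the vhid numbers, the CHANGE_ME password placeholder and the 192.0.2.0/24 documentation addresses are all assumptions.

```conf
# /etc/rc.conf fragment (constructed example; every name and address is a placeholder)
# Assumes the carp module is loaded, e.g. carp_load="YES" in /boot/loader.conf.

# Option A: fail over a second CARP address.
# Both virtual addresses are aliases on the same physical interface, each with
# its own vhid. The node address and the CARP addresses share one subnet.
ifconfig_em0="inet 192.0.2.11/24"
ifconfig_em0_alias0="inet vhid 1 pass CHANGE_ME alias 192.0.2.89/32"
ifconfig_em0_alias1="inet vhid 2 pass CHANGE_ME alias 192.0.2.90/32"

# Option B: throughput/redundancy across two NICs.
# The physical ports become lagg members and carry no addresses themselves;
# the CARP aliases are built on top of lagg0. Use this instead of option A,
# not together with it (both define ifconfig_em0). LACP also has to be
# configured on the switch ports.
#ifconfig_em0="up"
#ifconfig_em1="up"
#cloned_interfaces="lagg0"
#ifconfig_lagg0="laggproto lacp laggport em0 laggport em1 192.0.2.11/24"
#ifconfig_lagg0_alias0="inet vhid 1 pass CHANGE_ME alias 192.0.2.89/32"
#ifconfig_lagg0_alias1="inet vhid 2 pass CHANGE_ME alias 192.0.2.90/32"

# On the backup router, use the same vhid and pass values with a higher
# advskew so it loses the election while the master is up, e.g.:
#ifconfig_em0_alias0="inet vhid 1 advskew 100 pass CHANGE_ME alias 192.0.2.89/32"
```

The CARP `pass` value is a shared secret between the two routers, so it belongs in a root-only readable file and should differ per vhid group in production.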