CARP and NAT
Elliott Barrere
elliott at mywedding.com
Tue Jul 28 21:31:56 UTC 2009
Never mind, I sorted out my issue. The carp1 interface had multiple
IPs assigned and PF was pulling the last one. Adding a carp_ip
variable and changing the NAT statement makes it work:
nat on $cable_if from $lan_net to any -> $carp_ip
This does make me wonder though more generally about when to use the
carp interface versus the physical interface in PF. Does anyone know
of a guide or a good rule of thumb?
Thanks!
:: elliott barrere :: 206.855.7011 ::
On Jul 28, 2009, at 1:56 PM, Elliott Barrere wrote:
> Hi everyone, please excuse my noobiness.
>
> I have a basic firewall setup with CARP running on the LAN and WAN
> interfaces. CARP and pfsync seem to be functioning properly. The
> problem is I can't seem to figure out how to make pf NAT from the
> internal network to the carp1 interface IP on the outside (packets
> always end up coming from the IP of the physical interface in
> question).
>
> I thought I could do something like:
>
> nat on $carp_if from $lan_net to any -> ($carp_if)
>
> but that doesn't work. Can anyone provide me examples of a setup
> using CARP and NAT? I feel like this should be pretty common...
>
>
> Thanks!
>
> :: elliott barrere :: 206.855.7011 ::
>
>
>
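An added example, not part of the original thread: a shell check that confirms the address picked for the `carp_ip` macro is actually configured on the CARP interface, and reports when that interface carries more than one address, which is the situation described in the message above. The function names, the sample `ifconfig` output and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ifconfig carp1` output (documentation addresses,
# not taken from the thread).
SAMPLE_IFCONFIG='carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 203.0.113.10 netmask 0xffffff00
    inet 203.0.113.11 netmask 0xffffff00
    carp: MASTER vhid 2 advbase 1 advskew 0'

# Print every IPv4 address found in ifconfig output on stdin, one per line.
inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# check_nat_target <ip>: reads ifconfig output on stdin, prints one word:
#   ok        <ip> is the only IPv4 address on the interface   (returns 0)
#   ok-multi  <ip> is configured, but other addresses exist,
#             so pin the NAT rule to the address explicitly     (returns 0)
#   missing   <ip> is not configured on the interface           (returns 1)
check_nat_target() {
    awk -v target="$1" '
        $1 == "inet" { n++; if ($2 == target) found = 1 }
        END {
            if (!found) { print "missing"; exit 1 }
            print (n > 1 ? "ok-multi" : "ok")
        }'
}

# Demonstration on the constructed sample. On a live firewall the input
# would instead be:  ifconfig carp1 | check_nat_target "$carp_ip"
# and `pfctl -s nat` shows the translation rules as PF actually loaded them.
printf '%s\n' "$SAMPLE_IFCONFIG" | check_nat_target 203.0.113.11
```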