In pfSense 2.0, I have a bunch of WAN CARP Virtual IPs and a bunch of 1:1 NAT rules defined associating these IPs to LAN subnet hosts.
- If I set up Port Forwarding rules that forward from CARP IPs that I have already defined in 1:1 to other hosts, which rule takes precedence? 1:1 or Port Forwarding?
- If I set up a load balancer for web servers and have it listen on a CARP IP that I already have a 1:1 definition for, which one takes precedence?
And on a similar note, can I set up a CARP VIP on the WAN IP defined for pfSense? Does pf really need this IP to operate?
- For example, if my WAN subnet IP is 8.8.8.8/24, can I set up a CARP for 8.8.8.8 and port forward requests directed to 8.8.8.8 to other hosts?
Best Answer
Read the book. http://pfsense.org/book The ordering is described in detail there and is all applicable to 2.0. In short, port forwards and the server load balancer both win over 1:1.
You can't do CARP on the WAN IP; each WAN must have its own IP, and it cannot fail over. Same as HSRP, VRRP, etc.