High availability with comcast

Emc · February 29, 2024, 6:04pm

I want to enable high availability on my pfSense routers. I’ve bought them at the same time, same model.

Comcast modem 10.10.10.1
pfSense1: WAN 10.10.10.2.
pfSense3: WAN 10.10.10.3.

My setup is the following:
Comcast modem (Set up to DMZ and forward all traffic to the pfsense1 in production)
pfSense1 is on production and handles VLANs, DHCP, etc. (Connects to usw-48-pro ubiquiti where the ubiquiti key is also connected and my devices)

I am unable to get to pfSense2 GUI at all.

I tried accessing 10.10.10.3 from a laptop within pfSense1 and there are no pings whatsoever. (I am able to reach comcast and pfsense1 addresses from my laptop in the lan)
I connected the laptop directly to the comcast modem to get a 10.10.10.30 IP address, yet I am unable to reach pfSense2 either. When I use Zenmap, I am able to see the device is connected.

I’m not sure if this has anything to do with the DMZ setup or what not. I’ve been pulling my hair out these past days.

Any help would be greatly appreciated. Thank you!

dkggpeters · February 29, 2024, 6:17pm

Where is your PFsense2 connected to? It sounds lik you are daisy chaining them.

When you say high availiblity are you expecting one of the boxes to go down? Not sure what you are trying to accomplish.

pavlos · February 29, 2024, 6:38pm

you cannot access pfsense on the WAN port, you use the LAN port.

if pf1 WAN is 10.10.10.2, what is its LAN range?
plug a laptop there and you can access the LAN ip.

Emc · February 29, 2024, 7:07pm

The comcast modem has 6 ethernet ports to connect to. Both pfSense are connected to the comcast modem dirrectly.

I am following this tutorial. Instead of using the Netgate Switch from the video I am using my Comcast Modem ports. I’m not daisy chaining them: https://www.youtube.com/watch?v=-1Og5ogkyZY&t=588s

dkggpeters · February 29, 2024, 9:05pm

That modem may not be capable of doing what you want to do in bridge mode. Toss a switch between the modem and PFSense boxes and see if that works.

A diagram of your layout with WAN and LAN IP’s would be helpfull and they do not need to be your actual ips, just consistent.

Emc · March 11, 2024, 4:27pm

The problem was that the LAN cable in pfsense2 was not puggled in the network. I am able to reach both pfsense from my main network and HA is properly configured.

Thanks everyone for their input.