• Using virtual nic

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • WAN DHCP and 1:1 NAT?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    GruensFroeschli

    Unfortunately it's currently not possible to get multiple dynamic public IPs per DHCP.
    With 2.0 where CARPdev is used it "should" work.

    A possible (ugly) workaround:
    Plug as many NICs as you have additional IPs into your pfSense and set them as DHCP.
    Like this your additional NICs will request an IP from your ISP.

    Another (similarly ugly) workaround would be to connect a VLAN capable switch to your pfSense and assign as many VLAN-interfaces as you have additional IPs.
    You would need to assign a PVID on the switch for each "virtual" interface and then connect them to another switch which then goes to your modem/router/whatever_connects_you_to_your_ISP. (you need a separate cable for each virtual interface from the VLAN switch to the normal switch).

    This would look like this:

                     pfSense
                        |
                        |
                VLAN-switch
                  | | | | | | |
                normal switch
                        |
                        |
                    modem

  • What causes carp to failover

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp

    Each system in a CARP cluster sends out a "heartbeat" with its various settings (vhid, etc) skewed at a specific rate. The master is always broadcasting at the fastest rate, and each other member has a higher skew, based on the "Advertising Frequency" setting for the CARP VIP.

    Anything that would cause the master to stop broadcasting, or cause it to broadcast at a lower rate, would cause a failover. Could be link loss on a NIC, a dead switch port, hard lock, panic, etc, etc.

    Some system problems can also trigger a CARP member to skew itself higher (to advskew 240) if a hardware fault of some kind is detected.

  • CARP, failover and active downloads

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    B

    This happens for me, some networking programs have no problem (like radmin, a remote administrator) they just freeze for a couple of seconds. Others like ftp connections die. I was thinking that it's just the nature of the transfer and ftp can't compensate. At least a fail over should be a rare occurrence and we might have to live with these kinds of things.

  • Carp with PPPOE/A (Long)

    Locked
    6
    0 Votes
    6 Posts
    8k Views
    A

    bards1888,

    May I know more about your successful configuration?

    Say the WAN IP address of the fw1 & fw2? Is the PPPoE using dynamic / static IP?

    Many Thanks
    Alpha

  • Setting up of fail over

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • CARP and Redundancy

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    C

    Here's an update…

    I changed the subnet to 24 for the LAN interface, and the virtual IP. I was able to reboot the master, and still have access to the firewall.

    -Thanks! :)

  • How to setup a VirtualP for my ftp server?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    periko

    My ftp is working, the active mode was the solution.
    Thanks.

  • Problem with carp - VIPs

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • PfS 1.2.2 "losing" ProxyARP/VIP

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B

    I think this turned out to be a hardware issue. I'm not certain if it was a specific piece of hardware that was malfunctioning, or if it was some kind of intermittent compatibility issue. I suspected hardware after the machine started randomly locking up. I had an identical machine, so I swapped the hard drives into that one, and it had weird issues as well, but my LAN interface (which was a VLAN) wouldn't work at all, so I had to take the add-on NIC card out of the original machine and put it in this one, even though I just replaced an identical card. Then it worked, but it still had random lock ups and such. From there, I migrated my whole setup to a VM, and I've had no problems. So either it was the hard drives, the original NIC, or both machines have some internal hardware issue.

  • CARP and VMware ESX 3 not working across redundant switches

    Locked
    12
    0 Votes
    12 Posts
    11k Views
    Q

    Solved, with workaround. See my other posting with subject: VMWARE ESX 3.5 / vSwitch w/ 2 Physical NICs / CARP / PFSense 1.2.3
    NIC-teaming/fail-over in vSphere seems to be the problem.

    Best regards,

    Quentin

  • Access to wiki to create documentation

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp

    Send an e-mail to wikiadmin@pfsense.org

    Or if you just want to write the content for the page I (or someone else with access) can add the content for you.

  • Proper Setup for Multiple IPs

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Help with multiple IP's on an interface

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T

    So, here is what I've done so far, but I'm having problems.

    Define the new IP under Firewall -> Virtual IP -> Other. IP is

    116.90.xxx.43/32

    Go to Firewall -> NAT then define the following rule.

    Under port forward add a new rule
    External address: 116.90.xxx.43
    Protocol: TCP
    External Port Range: Web_Server_Ports (alias for TCP ports 22, 80 and 443)
    NAT_IP: Splunk server (alias for 10.0.2.41)
    Local Port: Web_Server_Ports

    Check auto create firewall rule

    Now, from within my network if I ssh, http or https on the IP 116.90.xxx.43 my NAT works. However when I try to hit my public IP externally it doesn't work and I don't see any denied messages in the firewall. I'm assuming it's something wrong with the way I've defined virtual IPs. Any ideas what I've done wrong?

    Thanks,
    Todd

  • Source IP based on Destination IP (weird question)

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    That seems like it would work well, thanks! I will give it a try today.

  • Upgrade from 1.2 to 1.22 virtual IP/OPT1 to internet stops working

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Am I Being Dumb?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    You also have to configure the outbound NAT to actually use the VIP.

  • A Complete CARP / Failover setup

    Locked
    14
    0 Votes
    14 Posts
    9k Views
    S

    Super! I need to get more beer then…. :D :D

    @dotdash:

    Your IT expert is right. He is the expert after all.
    (OpenBSD has CARPdev, which allows you to run a cluster with one public IP, but FreeBSD does not have this functionality yet)

  • Using a VIP as a IPSec endpoint IP ?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    2 Posts
    2k Views
    E

    @Wielke:

    problem is we can't use any of the 80.x.x.146/147/148/149 (our public IP range) as VIP's as we can't use them after that to NAT with?

    Why? You can.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.