Is "mass addition" of IP Aliases possible?
-
In a HA setup, I have defined a 1:1-NAT for a VM behind the firewall(s). As required, I have additionally defined an IP Alias using as "interface" the CARP address defined for HA. Works.
However, I actually want to 1:1-NAT several dozen VMs. This is easy to do in the NAT definition by using a Network as Internal IP. But how can I do this when defining the IP Aliases as Virtual IPs? Do I really have to do this one-by-one (for dozens of addresses)?
(I also considered using Proxy ARP as an alternative because you can define these for networks, but this cannot be "bound" to an "interface" that is specified as CARP-Address.)
Any hints?
-
@mnlipp https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#bulk-import-network-aliases but it’s more for one alias with a list.
Add to config file and restore maybe, if that’s easier to script/generate.
-
@SteveITS Thanks, but you cannot enter an "IP Alias" (Firewall/Aliases/IP) in the "Address(es)" field when you define an "IP Alias" (Firewall/Virtual IPs/IP Alias).
-
So I edited config.xml (plus 63 IP Aliases) and held my breath...
The web interface of the secondary firewall became unresponsive for several minutes (the command line was still available). During this time, the secondary sent dozens of messages about assuming CARP state whatsoever.
Eventually, things settled down and I could access the web interface again. I found that both firewalls considered themselves master for the "interface" CARP IP and all Alias IPs associated with it.
I temporarily disabled CARP on both firewalls and enabled it again. Now things look okay.
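
A sketch of the "generate the config entries" approach discussed in this thread, added here as an example; it is not code from any poster or from pfSense. The `<vip>` field names and the `_vip<uniqid>` interface naming for a CARP parent are assumptions about the config.xml layout, so compare them with an IP Alias created through the GUI; the sample config, uniqids and addresses are constructed.

```python
import ipaddress
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: one CARP VIP plus one IP Alias that already exists.
SAMPLE = """<pfsense><virtualip>
<vip><mode>carp</mode><interface>wan</interface><uniqid>5f0000000000a</uniqid>
<type>single</type><subnet_bits>24</subnet_bits><subnet>203.0.113.10</subnet></vip>
<vip><mode>ipalias</mode><interface>_vip5f0000000000a</interface>
<uniqid>5f0000000000b</uniqid><type>single</type><subnet_bits>24</subnet_bits>
<subnet>203.0.113.12</subnet></vip>
</virtualip></pfsense>"""

def make_ipalias(addr, carp_uniqid, bits, descr):
    """Build one <vip> element for an IP Alias bound to a CARP VIP."""
    vip = ET.Element("vip")
    fields = {
        "mode": "ipalias",
        "interface": f"_vip{carp_uniqid}",    # assumed naming of the CARP parent
        "uniqid": secrets.token_hex(7)[:13],  # 13 hex chars, like the sample ids
        "descr": descr,
        "type": "single",
        "subnet_bits": str(bits),
        "subnet": str(addr),
    }
    for tag, text in fields.items():
        ET.SubElement(vip, tag).text = text
    return vip

def add_aliases(config_xml, first, last, carp_uniqid, bits=24):
    """Append aliases for first..last, skipping addresses already configured."""
    root = ET.fromstring(config_xml)
    section = root.find("virtualip")
    vips = section.findall("vip")
    if not any(v.findtext("mode") == "carp" and v.findtext("uniqid") == carp_uniqid
               for v in vips):
        raise ValueError(f"no CARP VIP with uniqid {carp_uniqid}")
    existing = {v.findtext("subnet") for v in vips}
    added = []
    for n in range(int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last)) + 1):
        addr = str(ipaddress.ip_address(n))
        if addr not in existing:
            section.append(make_ipalias(addr, carp_uniqid, bits, f"1:1 NAT {addr}"))
            added.append(addr)
    return root, added

if __name__ == "__main__":
    root, added = add_aliases(SAMPLE, "203.0.113.11", "203.0.113.14", "5f0000000000a")
    print("added:", added)
    print(ET.tostring(root, encoding="unicode"))
```

Run it against a backup copy of config.xml and diff the output against the original before restoring anything.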