Configuration question
-
Hi! I'm not sure where to post this question but DHCP/DNS looks like the right place.
Here is my setup:server1
192.168.1.11|–---
|
|-------------[pfSence]–--[internet]–----[clients]
server2 |
192.168.1.12|–---I'd like to have an "virtual" IP address, for example, 192.168.1.10 where clients can connect via ssh and be directed to either server1 or server 2 depending on which server is up now.
Is it possible at all? -
You should be able to do this by using a VIP and configuring the inbound load-balancer.
-
Thanks! I've never used VIP but will look it up.
will it work over ipsec?
server1
192.168.1.11|–---
|
|-------------[pfSence]–--[IPSec VPN]–----[clients]
server2 |
192.168.1.12|–---Could anybody point me to the VIP's guide or how-to? I can see only bits and peaces here and there :-\
-
Firewall, virtual IPs. I'd use a CARP VIP for this. You also might want to check out the recently added HAProxy package. I would think you could setup the LB to run over the tunnel, but I haven't tried to configure it that way.
-
No, I know where to find it in pfSense but is there a How-To or something I can read? or maybe a pfSense book? ;D
I found this article http://www.digitalphotomac.com/PFsense/VirtualIP/ and it explains a lot but not everything. He's talking here about setting all 16 WAN IPs as virtual ones but what goes to the WAN interface settings then, for example?
Don't gang on me please as I said I've never used this before. :) -
The WAN has an actual IP. The Virtual IPs are just additional IPs the firewall can use for NAT or whatever.
-
What is the difference between doing VIPs and port forwarding? Is it more secure or may be faster?
-
VIPs just give you more IPs to work with than using the WAN address. If you have several web servers you need to have available on port 80, for example.
-
[…]or maybe a pfSense book? ;D
It's coming. Should be available for ordering within the next week or two. :)
