Netgate Discussion Forum

    Pool of Virtual IPs Used by One Interface?

      robusto

      My apologies for being such a newb at all of this; I'm not quite sure I understand the use of Virtual IPs and CARP.

      I have a chunk of IPs for my office and I want to use a few of them on one interface. Basically, we have too many Google requests coming out of one IP and that seems to be causing trouble.

      Would Virtual IPs/CARP be the solution to this? Any external pfSense resources I could look into?

        jimp Rebel Alliance Developer Netgate

        If you only have one firewall and not a cluster, you should be able to use CARP or Proxy ARP to accomplish that.

        After you add a virtual IP, you can set up manual outbound NAT and set rules that will direct traffic out over whichever VIPs you like.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          robusto

          Thanks for the reply  :)

          If I make an outgoing rule for multiple vIPs, is the WAN static IP still necessary? For example, if I made 3 CARP virtual IPs and a separate outgoing NAT rule for each, would pfSense treat the IPs equally for outgoing traffic in a kind of round-robin fashion?

          Again, apologies if I completely misunderstand the nature of vIPs and CARP.

            jimp Rebel Alliance Developer Netgate

            Not usually.

            The WAN IP is still needed since it will be used for the firewall itself, just not for traffic leaving your LAN.

            As for the outbound NAT rules, they are processed in a first-match-wins fashion. If you have three rules that specify traffic from LAN uses a VIP, it will use whichever one is on top; it won't skip it to use the next one down to do any kind of balancing.

            If you want to use them all for your LAN, you'd have to specify the rule in such a way that it matched a different portion of your LAN for each VIP.

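Added example, not part of the thread and not pfSense code: a simplified Python model of the first-match outbound NAT evaluation described in the answer above, comparing three stacked rules for the whole LAN with one rule per LAN portion. The LAN range, VIP addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (private and documentation ranges), not from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
VIPS = ["198.51.100.11", "198.51.100.12", "198.51.100.13"]


def translate(rules, src):
    """Return the NAT address of the first rule whose source network contains src."""
    addr = ipaddress.ip_address(src)
    for source_net, nat_addr in rules:
        if addr in source_net:
            return nat_addr  # first match wins; later rules are never consulted
    return None  # no rule matched this source


def split_rules(lan, vips):
    """Build rules so that each VIP matches a different portion of the LAN."""
    # Smallest power-of-two split that yields at least len(vips) subnets.
    extra_bits = (len(vips) - 1).bit_length()
    subnets = list(lan.subnets(prefixlen_diff=extra_bits))
    # Leftover subnets wrap around to the first VIPs so every host is covered.
    return [(net, vips[i % len(vips)]) for i, net in enumerate(subnets)]


def usage(rules, lan):
    """Count how many LAN host addresses each NAT address would serve."""
    counts = {}
    for host in lan.hosts():
        nat = translate(rules, str(host))
        counts[nat] = counts.get(nat, 0) + 1
    return counts


# Three rules with the same source: only the top one is ever used.
stacked = [(LAN, vip) for vip in VIPS]
# One rule per LAN portion: every VIP carries some of the traffic.
split = split_rules(LAN, VIPS)

if __name__ == "__main__":
    print("stacked:", usage(stacked, LAN))
    print("split:  ", usage(split, LAN))
```

The split is static by source address, so the share of traffic per VIP depends on which hosts are busy, not on an even rotation.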
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.