Using mutliple ext. IPs on multiple physical NICs (noob question)

mlabenda

I have a question regarding , using mutliple ext. IPs on multiple physical NICs

I have an 29 subnet on a single 34Mbit line

does it make sense, to have a seperat physical nic for every IP ?
I try to use VIP, but had no success here, or better to say, i was confused  ???

Main IP / NIC would for email and outgoing traffic on WAN
2. IP / NIC for hosting on Post 80
3. IP / NIC for VoIP only

No Failover, No Load Balance etc.

jimp

No, it does not make sense to have multiple NICs each for a single IP address in the same block.

Depending on how the IPs are routed to you, any of the VIP types could work. Do you know how your ISP is routing that /29 down your line?

mlabenda

All Ips do have the same gateway.

jimp

Is that gateway inside of that same /29 subnet?

If so, you'll need either Proxy ARP or CARP IPs. Either one should work in that case.

mlabenda

Yes the Gateway IP is part of the /29 subnet.

OK maybe i'm just too stupid doing it.

I will try it again on my testsystem

thanks for Help

torontob

@jimp:

Is that gateway inside of that same /29 subnet?

If so, you'll need either Proxy ARP or CARP IPs. Either one should work in that case.

I have exact same need except for I want to then assign these obtained IPs to VPS servers that I am running of another server that is running Proxmox. Would doing the Proxy ARP and CARP IPs give me separate interface with full access to Firewall and NAT rules or would I be sharing NAT rules between all the IPs?

Thanks

jimp

@torontob:

I have exact same need except for I want to then assign these obtained IPs to VPS servers that I am running of another server that is running Proxmox. Would doing the Proxy ARP and CARP IPs give me separate interface with full access to Firewall and NAT rules or would I be sharing NAT rules between all the IPs?

That really isn't exactly like the original post, they just wanted to use them for NAT.

If you have a separate interface and you want to use the IPs only there, then the IP block should be routed to your WAN IP, and then you just assign one IP out of the block to pfSense on that new interface, and then assign the other IPs in the block to devices on that interface. You'll also need to switch to manual outbound NAT and delete any NAT rules that come up for the public IP segment, so it will only be routed and it won't have NAT applied.

torontob

Thanks jimp.

So, once I get the IPs using Virtual IP. Then I can use my LAN port to connect to a dumb switch and then connect a proxmox server to the dumb switch and then where in pfsense do I set the Virtual to a specific MAC??!! of the proxmox VPS or would obtaining IP be done on the Proxmox side?

Also, I didn't comprehend the NAT part. Would I lose some functionality in NATing or Firewall? I might have all the VPS running Apache server and running at port 80 but have different public IP address so I can't have a trade off on NAT.

Thanks again

jimp

No. If you route a new subnet, you do not use NAT or Virtual IPs at all. You really should start a new thread since your issue is not at all like the issue that started this thread.