Issue forwarding ports on different interfaces
-
Essentially, yes.
And you can still block/filter by IP with Virtual IPs.
-
OK, so there are no options to assign IP address by DHCP for the virutal IPs. You have to assign the addresses via DHCO for AT&T uverse. ;-(
So what now?
-
Search the forum for CARP and uverse. Last I knew DHCP was not required.
-
OK, will do.
I currently can't statically set the IP addresses, I have to go into the uverse gateway and select what interface gets what IP and then run dhclient for the IP to be renewed on the interface.
-
Search the forum for CARP and uverse. Last I knew DHCP was not required.
Will try thisโฆ.
http://forum.pfsense.org/index.php/topic,28184.0.html
UPDATE: Worked like a charm! That totally bypassed Uverse's dumb config at the gateway.
-
Adding additional interfaces is the problem - whether they are real or virtual, you don't need them - you only have one WAN with multiple IPs on that one WAN - you don't use one interface per IP.
You use a single WAN, and add Virtual IPs there in order to use your additional IPs.
What is the difference between CARP and Alias IP? I am not doing any clustering so from what I read the Alias IP makes more sense?
http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F
-
CARP VIPs get a unique MAC for each IP, IP alias are all shared on the main interface's MAC. Your ISP equipment may require a unique MAC per IP.
-
OK, I spoke too soon.
When I add the CARP interfaces it shows up in the u-verse gateway, but clearly get marked as statically assigned and are forced behind the u-verse gateway's firewall making them useless. Didn't notice that before, and I had to reset the u-verse gw to get back to square one again.
Is there a specific method/trick to setting up these CARP addresses?
-
once they appear in the uverse gateway, you can flip a bit in the uverse router to disable the firewall on those IPs individually. It's just how the uverse router works, and I'm quite certain that's been covered elsewhere on the forum.
-
once they appear in the uverse gateway, you can flip a bit in the uverse router to disable the firewall on those IPs individually. It's just how the uverse router works, and I'm quite certain that's been covered elsewhere on the forum.
After the reset I was having some trouble getting the CARP interfaces to show up. Some forum member by name jimp had a bright idea to ping the VIPS and they would should up in the u-vserse gateway.
http://forum.pfsense.org/index.php/topic,31167.0.html
All looks well so far, as long as I learn then these little struggles are worth it.ย ;D
