Netgate Discussion Forum

    ESX + pfSense + Multi FailOver IP and MAC adress associated

    General pfSense Questions
    • Cartman34

      Hello,

      First, I have a problem with multiple failover IPs (or public IPs) on pfSense, and I only found docs about multi-WAN or multi-IP.
      I am not very good with networking, so please be indulgent.

      I want to have multiple "networks" connected to the internet with one public IP and only one gateway for all of them.
      When data comes in on one IP, the firewall has to know which LAN IP is the recipient of this data, and when data goes out from a given LAN IP, the firewall has to assign it the right WAN IP and MAC address. (A public failover IP is associated with a specific MAC address.)
      My servers are only VMs (ESX) hosted by Online.net.

      This is an example:
      IP1 -- MAC1
      IP2 -- MAC2
      ...

                 / IP1 <---> LAN IP 1, LAN IP 3, LAN IP 4
      GATEWAY
                 \ IP2 <---> LAN IP 2, LAN IP 5

      If it is possible, I prefer to use only one pfSense server.

      Currently, I have succeeded in making LAN IP 2 go out with the right IP but the wrong MAC address, and my host does not accept it.

      Thank you in advance for your help.

      NB: Sorry for my English mistakes, I don't speak English very well.

      • Cartman34

        Up!
        Do you need more information?

        • stephenw10, Netgate Administrator

          Hmm, I'm not sure I understand what you're trying to do.

          Do you have two WAN connections or two public IPs via one connection?

          Steve

          • Cartman34

            I have two public IPs via one connection.

            • stephenw10, Netgate Administrator

              I don't think pfSense can attribute a different MAC address to a virtual IP, which is what would have to happen to allow outgoing packets tagged with different MACs.

              Perhaps someone else can enlighten me.

              You might be able to do this by adding an extra virtual interface and switch within ESXi, giving pfSense an extra WAN interface with a different MAC. However, this is outside my experience, I'm afraid.

              Steve

              • Cartman34

                I tried it, setting one WAN with one public IP address. When packets come in, it's OK, but as you said, pfSense is unable "to allow outgoing packet tagged with different MACs".
                But we know, from a specific LAN IP, which WAN IP and MAC address we have to use, yet we can't configure pfSense to use the right information.
                In fact, we are able to configure it to use the right WAN IP, but it does not tag the packets with the right MAC address.

                Thank you for your help.

                • stephenw10, Netgate Administrator

                  I've never used ESXi. Can you configure virtual NICs with different MAC addresses?

                  Steve

                  • Cartman34

                    If NIC means Network Interface Card, yes.
                    A VM can have one or more NICs.

                    • stephenw10, Netgate Administrator

                      If you can specify the MAC address when adding new virtual cards in ESXi then you could give pfSense two WAN interfaces, with different MACs, which should allow the tagging you need.

                      Steve

                      • Cartman34

                        I tried to do it, using several interfaces and multi-WAN, but when packets go out, it tags them with the wrong MAC address.

                        I don't know how to configure pfSense to tell it:
                        "Hey, you see this LAN address 10.0.1.1! When a packet is going out from this LAN address, I want you to use the public IP address 85.58.85.30 with MAC address 00:0a:a0:1b:b1:a1, but when a packet is going out from 10.0.2.1 or 10.0.2.2, you HAVE to use the public IP address 85.58.85.31 with MAC address 00:0a:a0:1b:b1:b2!"
                        (All addresses are faked.)

                        • stephenw10, Netgate Administrator

                          This would be easy to accomplish if you had two physical WAN interfaces.
                          Because you are using one NIC and virtual interfaces, either in pfSense or in ESXi, you are asking it to spoof the MAC on an individual packet basis. Neither ESXi nor pfSense is able to do this, it would appear.

                          Steve
