Netgate Discussion Forum

    ESX + pfSense + Multi FailOver IP and MAC address associated

    General pfSense Questions
    • Cartman34

      Up!
      Do you need more information?

      • stephenw10 Netgate Administrator

        Hmm, I'm not sure I understand what you're trying to do.

        Do you have two WAN connections or two public IPs via one connection?

        Steve

        • Cartman34

          I have two public IPs via one connection.

          • stephenw10 Netgate Administrator

            I don't think pfSense can attribute a different MAC address to a virtual IP, which is what would have to happen to allow outgoing packet tagged with different MACs.

            Perhaps someone else can enlighten me.

            You might be able to do this by adding an extra virtual interface and switch within ESXi, giving pfSense an extra WAN interface with a different MAC. However, this is outside my experience, I'm afraid.

            Steve

            • Cartman34

              I tried it, setting one WAN with one public IP address. When packets come in, it's OK, but as you said, pfSense is unable "to allow outgoing packet tagged with different MACs".
              We know, from a specific LAN IP, which WAN IP and MAC addresses we have to use, but we can't configure pfSense to use the right information.
              In fact, we are able to configure it to use the right WAN IP, but it does not tag the packets with the right MAC address.

              Thank you for your help.

              • stephenw10 Netgate Administrator

                I've never used ESXi. Can you configure virtual NICs with different MAC addresses?

                Steve

                • Cartman34

                  If NIC means Network Interface Card, yes.
                  A VM can have one or more NICs.

                  • stephenw10 Netgate Administrator

                    If you can specify the MAC address when adding new virtual cards in ESXi then you could give pfSense two WAN interfaces, with different MACs, which should allow the tagging you need.

                    Steve

                    • Cartman34

                      I tried to do it, using several interfaces and multi-WAN, but when packets go out, it tags them with the wrong MAC address.

                      I don't know how to configure pfSense to tell it:
                      "Hey, you see this LAN address 10.0.1.1! When a packet is going out from this LAN address, I want you to use the public IP address 85.58.85.30 with MAC address 00:0a:a0:1b:b1:a1, but when a packet is going out from 10.0.2.1 or 10.0.2.2, you HAVE to use the public IP address 85.58.85.31 with MAC address 00:0a:a0:1b:b1:b2!"
                      (All addresses are fake)

                      • stephenw10 Netgate Administrator

                        This would be easy to accomplish if you had two physical WAN interfaces.
                        Because you are using one NIC and virtual interfaces, either in pfSense or in ESXi, you are asking it to spoof the MAC on an individual packet basis. Neither ESXi nor pfSense is able to do this, it would appear.

                        Steve

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.