Static WAN interfaces crashes, DHCP is OK
-
Indeed. ;)
Since any VIPs will inherit their MAC (unless you can spoof it?) DHCP cannot work. The easiest way around this may be to add more NICs instead of using VIPs. I don't know how practical that might be for you.
Steve
-
His situation is EXACTLY the same thing I already beat my head against with the install in Denmark and the ISP sounds exactly same, right down to the 5 IPs over DHCP. Had to use multiple virtual NICs on a pfsense 2.1 32bit install in esxi. (64bit version was being testy)
The bad news is it forced me to use DHCP at WAN.
Good news is the IPs haven't ever changed… YET.
-
Currently their are talking about some legal bull**** for why this is done :)
Anyhow, yes that is indeed possible, but I currently only have 3 nics on my alix board, which was ment like this, WAN,LAN,DMZ. if this cannot be done, I might have to drop the DMZ, or drop the idea of multi public IP for reverse NAT, depending on the source network.
-
Or get something with 5 physical NICs + 1 for LAN or something bigger with only 2 that will allow you to run pfsense in esxi… + VLAN switch.
-
His situation is EXACTLY the same thing I already beat my head against with the install in Denmark and the ISP sounds exactly same, right down to the 5 IPs over DHCP. Had to use multiple virtual NICs on a pfsense 2.1 32bit install in esxi. (64bit version was being testy)
The bad news is it forced me to use DHCP at WAN.
Good news is the IPs haven't ever changed… YET.
It is not really a problem, if the IPs changes RARELY, even with "static" IPs. I know that there are no real static IPs for home users, if you really want real static IPs you have to go with a pro line.
Which ISP is this? Full**** ? -
If you are looking to just repurpose those IPs for something in the DMZ, maybe the "Proxy requests to DHCP server on WAN subnet" option could be used.
-
Yes - Its fullrate…. Reading their Dutch pages was so fun for me.
You know how us Americans love the beautiful Dutch language.
Its like Greek to me, but I could do better with Greek. -
Yes - Its fullrate…. Reading their Dutch pages was so fun for me.
You know how us Americans love the beautiful Dutch language.Its Danish :)
-
Shut up… I meant to say Danish - Everybody knows they speak Danish in Denmark...
Especially us Americans - Its virtually our second language.
(Its early - I haven't had my coffee. No making fun of the dumb American guy before coffee :()
The guy who actually owns the rig had some phrases he wanted me to say so he could laugh at our dumb accents. :P
-
Anyway - There is a solution to make it work with pfsense - I'm just not sure it will work out if you are limited to a tiny Alex install. If you are on Fullrate, same as this other guy, they bind to MACs. Pain in the butt.
-
Sorry! 8)
I am awaiting answer from the ISP now, but I am quite sure that there is nothing really to do about it…
Currently I am limited to the alix board (which I actually bought to this pfsense "project")
-
stephenw10 mentioned something log ago that I never tried. He said something about using VIPs and entering seperate MACs for each VIP to give fullrate ISP MACs to bind to. (I may be butchering his actual words)
I'd assumed this would happen on the interfaces drop down menu, after installing the VIPs and that VLAN would be required.
I'm totally not sure, since I've never attempted such a thing. Fullrate isn't blazing fast. Could you add several USB NICs if it came down to it?
USB could handle their bandwidth no problems. -
I've never tried it either, I've never had cause to. I'm not sure if you can spoof the MAC on a VIP. :-\ Seems like it should work if you can though.
Hmm, some breif googling seems to indicate you can't run multiple MACs on the same real NIC.
Steve
-
Choices are run as VM, get more NICs… ???
Sucks.
-
Seems like that. Can VLAN interfaces have MACs independent of the host NIC? Seems probable they cannot.
Edit:
@jimp:VLAN MACs follow the MAC of their parent interface.
I quite liked Doktornotor's suggestion of proxying DHCP requests to the real internal machines. If it uses dhcp realay that may mean you couldn't run a dhcp server on the box for other clients.
http://doc.pfsense.org/index.php/DHCP_RelaySteve
-
Edit:
@jimp:VLAN MACs follow the MAC of their parent interface.
That is the default behaviour. The web GUI allows specification of MAC address on VLAN interfaces. I have a recollection that in some contexts the configured MAC address for a pfSense VLAN interface wasn't propagated to the hardware. (I can't remember the context - a virtualised environment? a 'feature' of specific hardware?)
Bridge interface MAC address seems to get propagated to the hardware.
