Netgate Discussion Forum

    Virtual IP's on Bonded ADSL

    Routing and Multi WAN
    • safetynet

      We have a client with bonded ADSL, where the 2 bonded channels both present the same /29 public IP address range - this is done by the ISP so that if either channel falls over, the other channel is completely capable of presenting all the inbound traffic to the one remaining active interface.

      In theory, it's a great system, but I can't wrap my head around how to define the extra virtual IP addresses in pfSense.

      I've defined 2 PPPoE WAN connections and these connect ok, but realistically they occupy the same IP space, so at the moment I have a Virtual IP table not dissimilar to this:

      Public IP              Interface
      x.x.x.1                  WAN1
      x.x.x.2                  WAN2
      x.x.x.3                  WAN1
      x.x.x.4                  WAN2

      Again, this will work to present the inbound traffic to an interface that's capable of dealing with it, but in the event that a WAN link goes down, so do its associated Public IP's.  This is NOT GOOD and completely defeats the point of the bonded ADSL in the first place.  I've tried to set up replica Virtual IP's so that it would look like the following (in theory):

      x.x.x.1                WAN1
      x.x.x.1                WAN2
      x.x.x.2                WAN1
      x.x.x.2                WAN2

      But, unsurprisingly, when I try to duplicate the virtual IP's, I'm told that it's already assigned to another interface, which I can fully understand.

      Is there any way, at all, to get this working?  I guess what I'm looking for is a way to bond downstream WAN connections - I already know how to do the upstream with Routing Groups, but can't see how to tell pfSense to treat both WAN connections as a single entity.

      Thanks

      • chpalmer

        If it's bonded you should only have 1 wan address…    ??

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        • safetynet

          Yes, we do - one IP address which is presented to both WAN1 & WAN2 interfaces by the ISP, so inbound traffic can route down either physical piece of copper.  As well as this, we also have a /29 subnet of routable IP's assigned to us (via the same bonded broadband and is subject to the same 'mirroring' as our WAN ip), which is not contiguous with our WAN ip (WAN ip ends .69, /29 goes from .249 to .253).

          If all I wanted to do was route the WAN ip then we'd be fine.  However, we need to NAT for inbound on some of the routable IP's, for which I need to allocate virtual IP's on the pfsense box.

          If pfsense isn't actually bothered about which physical interface the traffic comes in on, as long as the IP info is correct, then I guess I could just assign all the VIP's to WAN1, but I don't want to put ourselves in a position where if WAN1 fails, but WAN2 is still up, we don't get any of our inbound traffic.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.