Two pfSense-Gateways with one public IP

  • We have a small rackspace with one public IP from our provider. I'd like to have two redundant pfSense gateways synced in a way that only one of them occupies the public IP and the other one's WAN port remains unconfigured until the first one crashes. In that case I'd like the second one to take over the public IP.

    I tried using CARP but I couldn't get it to work in different subnets because I couldn't set the default gateway on a CARP-IP. Is there another way to do this or do I have to buy an additional IP address in order to get this to work? I'm not quite sure what the other kinds of virtual IPs do in pfSense, could one of those modes be used?

    I don't need the public IP to be reachable at any time, we just need it to allow the machines behind it to connect to the internet.

  • LAYER 8 Global Moderator

    The correct way to set up CARP is with 3 public IPs at min..  There are some "hacks" that allow you to kind of trick it using RFC 1918 space, etc.

    But I wouldn't think getting a couple more IPs would be all that expensive..  On most of my VPS and/or shared servers I can add IPs for like $1 a month each.. Can't you just get a /29 from your provider and then you would be cooking with gas..

  • Yeah, I came to that conclusion as well. The customer needed some persuasion though…

