Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtual IP as gateway

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 781 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Lucas Rey
      last edited by Lucas Rey

      Hello community, this is my first time with pfSense. I have a simple configuration to use pfSense as NAT and DHCP (I don't need firewall feature). So I have WAN and LAN interfaces correctly configured. Clients connected through pfSense can ping 8.8.8.8 and obliviously can reach the LAN interface (i.e. I can login into pfSense GUI).

      Then, I configured a LAN VIP (type CARP), this will be used for High Avail configuration later, but for now I would like to test the VIP. Theorically, the clients should have the LAN VIP as gateway, but in this case I loose connections to WAN and LAN. Using the LAN IP I can ping the VIP, btw.

      To recap, on pfSense I have
      LAN: 192.168.6.1
      VIP: 192.168.6.2

      On client:
      IP: 192.168.6.10
      GW: 192.168.6.2

      Could someone help me to understand what's wrong and why I can't use the VIP as gateway?

      Thank you
      Lucas

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        You can.

        Please post screen shots of what you have done, in particular the VIP and the LAN interface and the LAN firewall rules.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • L
          Lucas Rey
          last edited by

          Thank you for reply. First of all, at this stage I'm in my notebook test environment and everything is on VMWare. So I'm trying to do something a little bit complicated.
          I tried to move the VMWare ESXi to a real server, and, with the same configuration everything works as expected. So I don't want to complicate my life, even if I would like to know why with the below schema it doesn't work.

          Btw, now I'm trying to undertsnad why if I setup the LAN VIP as DNS on client, I'm not able to resolve addresses. I already changed the Outgoing network interface to WAN VIP (under DNS Resolver configuration) but still not able to navigate from clients. If I setup DNS as 8.8.8.8 everything work as expected.

          alt text

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            No. I mean pfSense screenshots of what you have done.

            And maybe start simple then get complicated.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.