Netgate Discussion Forum

    Multiple MAC to single IP

    DHCP and DNS
    • eangulus

      Hi, I have seen this asked a few times way back, and most answers are no, why, how would that work... that sort of thing.

      First, I understand that it may be wrong/broken to do this. But understand that most people who venture into pfSense world, are coming from Tomato, where we could and still can assign 2 MACs to a single IP.

      Now, the reasons I have seen are mostly to give the same IP for Wired or Wifi connection from laptops, etc. I don't believe it is needed there nor do I recommend it.

      But, I have personally found a reason to have it, that I so far cannot think of a solution around it.

      I have a High Availability Synology NAS setup. The NASes themselves have 10.0.28.2 and .3 for their respective IPs. Then Synology HA software assigns 10.0.28.1 to one of the NASes. If it fails then the HA software auto moves the .1 IP to the other NAS.

      Overall not a problem, except there are ONLY 2 MACs. There is no virtual 3rd MAC address for the virtual IP. On my network, the MAC that is reported with 10.0.28.1 is the MAC address of either .2 or .3, whichever is currently the master unit.

      Now there is a heartbeat/sync cable between the 2 NASes so there is NO reason to need to have .2 or .3 available on the network. If I was able to in pfSense, I want to be able to put both MAC addresses in and assign it the 10.0.28.1 floating IP. I know that only 1 will ever be visible and active on the network, so technically there shouldn't be a problem.

      Now, I understand if this is the wrong thing to do if one wants to stick to the rules 100%. In saying that, I would like to stick to the rules too and try to do things the right way now I am moving from Tomato to pfSense setups. I'm learning something new so I may as well refine my methods also.

      So if there is a better way to go about it then please share. At this stage I can only set the NAS shared IP to a static setup, but is there a way or even a need to register that in any way in pfSense, for maybe the internal DNS for example?

      • KOM

        @eangulus said in Multiple MAC to single IP:

        But understand that most people who venture into pfSense world, are coming from Tomato

        I'm not sure how you can make that statement. Nobody ever mentions Tomato around here, and I've been here for 6 years.

        Is there an actual problem you are having with this scenario? I read your post three times and couldn't find anything that's giving you problems. pfSense works primarily at the IP level, not MAC. I would assume that the virtual IP for your HA rig uses the MAC of the active node, no? All clients on the network get their ARP tables updated via broadcast, so they should have no trouble finding the right node via the HA IP address.

        • conor

          In the Cisco world I would have disabled MAC learning so that the MAC needs to be relearnt a lot, that way it would pick up the MAC change from the NAS, so maybe what you are looking for is to either disable ARP caching for that IP or have a really low ARP timeout.

          Not sure what impact on speeds etc. these might have or if possible from within pfSense but it sounds like what you want.

          200+ pfSense installs - best firewall ever.

          • conor

            So I had a look at how sysctl is set up for ARP caching.

            The CLI command:
            sysctl net.link.ether.inet.max_age

            Gives:

            net.link.ether.inet.max_age: 1200

            So that means that an ARP value will stay in cache for 20 minutes. To change to 20 seconds:
            sysctl -w net.link.ether.inet.max_age=20

            Once you reboot it will get reset.

            Maybe test with that and see if it is along the lines of what you want to do. Otherwise I've completely misunderstood and should be ignored.

            ** I have no idea on what impact doing this would have on the performance of your device **

            Reference:
            https://www.freebsd.org/cgi/man.cgi?query=arp&apropos=0&sektion=4&manpath=FreeBSD+11.3-RELEASE&arch=default&format=html

            200+ pfSense installs - best firewall ever.
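
Added example, not written by any poster in this thread: since the floating IP 10.0.28.1 legitimately resolves to either NAS's MAC, a check against an allow-list of the two node MACs separates a normal HA failover from an unexpected MAC claiming the address. The MAC addresses, the interface name `igb1` and the sample ARP lines are constructed, and the line format assumed is that of FreeBSD `arp -an`.

```shell
#!/bin/sh
# Constructed sample in the assumed `arp -an` format (not captured from a real host):
SAMPLE_ARP='? (10.0.28.1) at 00:11:32:aa:bb:02 on igb1 expires in 1187 seconds [ethernet]
? (10.0.28.2) at 00:11:32:aa:bb:02 on igb1 expires in 1190 seconds [ethernet]
? (10.0.28.3) at 00:11:32:aa:bb:03 on igb1 expires in 1002 seconds [ethernet]'

# mac_for_ip IP
# Reads ARP table text on stdin, prints the lower-cased MAC bound to IP (or nothing).
mac_for_ip() {
    awk -v ip="($1)" '$2 == ip && $3 == "at" { print tolower($4); exit }'
}

# classify_vip IP "MAC1 MAC2"
# Reads ARP table text on stdin and prints one of:
#   ok <mac>          the IP is held by one of the expected HA nodes
#   unexpected <mac>  the IP is held by a MAC outside the allow-list
#   missing           no resolved ARP entry for the IP
classify_vip() {
    vip=$1
    allowed=$2
    mac=$(mac_for_ip "$vip")
    if [ -z "$mac" ] || [ "$mac" = "(incomplete)" ]; then
        echo "missing"
        return 0
    fi
    for m in $allowed; do
        # Compare case-insensitively so the allow-list can be typed either way.
        if [ "$mac" = "$(printf '%s' "$m" | tr '[:upper:]' '[:lower:]')" ]; then
            echo "ok $mac"
            return 0
        fi
    done
    echo "unexpected $mac"
    return 0
}

# Demo on the constructed sample: the floating IP is on the first node's MAC.
printf '%s\n' "$SAMPLE_ARP" |
    classify_vip 10.0.28.1 "00:11:32:aa:bb:02 00:11:32:aa:bb:03"
```

On a live system the same function can be fed from `arp -an` instead of the sample variable.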

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.