Any issues with using pfSense with 4 C-blocks of public IPs and 1-to-1 NAT?
-
I'm looking to replace a pix520 with pfSense but wanted to make sure pfSense and its GUI etc. would be able to handle 4 C-blocks of public IP addresses and do 1-to-1 NATing. Does anybody have experience with large sets of IPs and pfSense and want to comment?
Are there any issues or limitations in the GUI with regard to managing that many rules, etc.?
To add to that, I will want to do failover/CARP.
Thanks for your help!
-
There are issues using CARP and multiple non-contiguous blocks.
My old topic on this is here: http://forum.pfsense.org/index.php/topic,7039.0.html
You might want to do some additional searching as that thread is quite old now. The information is correct as far as 1.2.x goes; I haven't tested this with a recent 2.0 snap.
-
Hmm, thanks for the info. I would be using some non-contiguous blocks.
-
dotdash is correct, you will not be able to assign CARP IP addresses that don't belong to the same range as the interface they're assigned to. This is a FreeBSD limitation and it causes nasty kernel panics.