How to set multiple IP to a WAN



  • How to set multiple IPs on a WAN?



  • Either use Proxy ARP entries or CARP VIPs.



  • @blak111:

    Either use Proxy ARP entries or CARP VIPs.

    Hi..

    How can I create an alias IP on an interface like I would do with:
    ifconfig intf alias x.x.x.x netmask 255.255.255.0
    ?

    When I tried the "Alias IP" in Firewall -> Virtual IP, I couldn't see that address being allocated to the interface at all.

    Thanks!



  • Aliases in that respect are for creating groups for firewall rules.

    You want either a Proxy ARP entry or a CARP VIP. Firewall > Virtual IPs



  • @blak111:

    Aliases in that respect are for creating groups for firewall rules.

    You want either a Proxy ARP entry or a CARP VIP. Firewall > Virtual IPs

    Neither of those fits my need…

    CARP only lets me set a VIP if it's on the same subnet as the original IP; and ProxyARP can't be used with the firewall, only forwarded...

    My DSL provider routes a /28 subnet through my main PPPoE connection. Up to now (that was before I was trying pfSense) my gateway was acting as a firewall for all public IPs...

    A simple ifconfig alias was all I had to do :(



  • ProxyARP just can't have services bound to it. You can still use the addresses for port forwards, outbound NAT, firewall rules, 1:1 mappings, etc.



  • @jyavenard:

    @blak111:

    Aliases in that respect are for creating groups for firewall rules.

    You want either a Proxy ARP entry or a CARP VIP. Firewall > Virtual IPs

    Neither of those fits my need…

    CARP only lets me set a VIP if it's on the same subnet as the original IP; and ProxyARP can't be used with the firewall, only forwarded...

    My DSL provider routes a /28 subnet through my main PPPoE connection. Up to now (that was before I was trying pfSense) my gateway was acting as a firewall for all public IPs...

    A simple ifconfig alias was all I had to do :(

    I suspect you should be using "Other" type Virtual IPs. The pfSense book says "Other" VIPs allow you to define additional IP addresses for use when ARP replies for the IP address are not required. The only function of adding an Other VIP is making that address available in the NAT configuration screens. This is useful when you have a public IP block routed to your WAN IP address or a CARP VIP.



  • @wallabybob:

    I suspect you should be using "Other" type Virtual IPs. The pfSense book says "Other" VIPs allow you to define additional IP addresses for use when ARP replies for the IP address are not required. The only function of adding an Other VIP is making that address available in the NAT configuration screens. This is useful when you have a public IP block routed to your WAN IP address or a CARP VIP.

    Thank you for your answer.

    I had tried this; however, "Other" only lets me define one IP address; no netmask, nothing …

    Isn't this something many people would like to do? Why would any user have to worry about Level 2/3 networking stuff...

    The level of complexity added here to solve a rather simple problem is rather astonishing...



  • Isn't this something many people would like to do? Why would any user have to worry about Level 2/3 networking stuff …

    Yes!  :)
    Use proxy ARP to get the netmask options. Set the type to network and put your network in there with the CIDR mask.



  • @blak111:

    Use proxy ARP to get the netmask options. Set the type to network and put your network in there with the CIDR mask.

    We already discussed proxy ARP … this doesn't suit my needs..

    I just want an ifconfig alias :)



  • Can you explain why you need an ifconfig alias?
    I don't understand why Proxy ARP doesn't meet your needs.



  • @blak111:

    Can you explain why you need an ifconfig alias?

    I thought I did earlier…
    According to the pfSense wiki:

    Can not be used by the firewall itself but can be forwarded

    Will not respond to ICMP ping.

    I do want to respond to ICMP ping (UDP is blocked); ping is used by various peers to identify if the server is on or not.
    And finally, the gateway itself is running services; those programs need to bind to a specified address, which I can't do with proxyARP.

    Obviously, I can do everything manually via shell access, but if that's the case I don't see the point of running pfSense…

    Note, I'm a long time FreeBSD user (since FreeBSD 3); I've managed to do everything I wanted with FreeBSD but wanted to try something new, and a tad more user friendly and felt like trying PF after using IPFW for so long.



  • BTW, setting multiple IP addresses on a WAN is only one part of what I'd be needing.
    But unfortunately, I haven't had much response so far to my questions.

    http://forum.pfsense.org/index.php/topic,22569.0.html



  • Ah, I didn't realize you were going to be running services on the firewall.
    Your only options through the web interface wouldn't accomplish your task then.

    You might check out V2.0, it's alpha/beta right now and it has quite a few changes.



  • @blak111:

    Ah, I didn't realize you were going to be running services on the firewall.
    Your only options through the web interface wouldn't accomplish your task then.

    You might check out V2.0, it's alpha/beta right now and it has quite a few changes.

    I had tried v2.0 yesterday (mainly because I wanted to run two PPPoE services). Unfortunately, none of the packages installed properly. I tried to install sipproxyd (as this is one feature I know I'm going to have issues with); it ends with an error after starting installation.

    Also, for some reason, it keeps prompting me that there is a new version available. Interestingly, the time for the new version is 9 o'clock something, but once installed it shows up at 8… Which I think is why it thinks that a new version is available.

    I guess I'll have to continue running the same system I do now, or try a custom linux-build (because I want the various NAT application helpers).



  • @jyavenard:

    however, "Other" only lets me define one IP address; no netmask, nothing …

    Just for completeness, I'll point out I found it possible to add multiple "Other" Virtual IP addresses but had to do so one address at a time.

    Concerning sipproxyd, in case you meant siproxd, siproxd works fine for me on pfSense 1.2.3 RELEASE provided I use suitable VOIP applications. More details at http://forum.pfsense.org/index.php/topic,18204.0.html. The siproxd maintainers might be interested in some more details of the problem you had.

