IP Aliases - VERY NICE!

  • I just went through a recent move and was forced to go with the local cable provider to get business Internet service when Verizon screwed up my business DSL order and was unable to fix it after 5 days of screwing around.  Prior to the new IP Alias virtual IPs, the only way to work with the majority of cable systems was to purchase rather expensive routing equipment in the $5K+ range.

    Since we can now assign multiple routable IPs to each port of the firewall, this is no longer an issue for the majority of systems.  pfSense 2.0 does have some UI bugs, but you can usually work around them to get the router setup as you need it.  If the static IPs are handed out by DHCP inside of your modem (i.e. systems using 2Wire modems for cable, FIOS, and/or Uverse) this won't work for, but I think that adding an optional MAC field for each virtual IP Alias would work.

    These systems force you to distribute your static IPs through DHCP within the modem, but they can also be hard-set within the modem based on the MAC address.  If the MAC address of the virtual IP Alias could optionally be set, then these systems could also work.  You would need to set the IP in both the pfSense firewall and the 2Wire (or similar) modem to be the same, but that would be fairly easy.

    Thanks for making a great product!

  • Getting multiple addresses from DHCP would probably require some type of virtual interface for each address acquired by DHCP, but I'm not sure what type(s) might work.  As far as I know, individual interfaces cannot have multiple MAC addresses assigned to them.

  • I know that Microsoft and VMWare do it with their virtual adapters for virtual servers, but I guess that would be a whole other set of functionality.  I think I was confusing virtual IPs with virtual adapters (each of which has its own MAC address), the latter being what is required.  It would probably be worth looking into for a future release as virtual adapters could replace the IP Alias virtual IP concept.

  • It can be done in FreeBSD through ng_eiface just someone needs to sponsor or code it.

  • ng_eiface is virtual interface of bsd-world, then?

    because, like efonne, i thought multiple MAC's on single IP's won't work because of Layer 2 routing problems (assignation)..

  • @eazydor:

    …i thought multiple MAC's on single IP's...

    We're actually talking about each IP possibly having its own MAC address, not a single IP having more than 1 MAC address.  The current design works fine for me, but it would be a nice feature for those who need it.  It's built-in to all virtual server software and it is available on some very expensive hardware, so I think that ermal has the right idea.

  • yes, shure. my bad.

    anyhow, off course is ermal right, because:

    firstly, he's a hero member  :)

    secondly, like efonne said, you need an virtual interface, just like it is build in "virtual server software" or "very expensive hw". i just wanted to know, what ng_eiface is. (http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=ng_eiface)

Log in to reply