Pool of Virtual IPs Used by One Interface?
-
My apologies for being such a newb at all of this; I'm not quite sure I understand the use of Virtual IPs and CARP.
I have a chunk of IPs for my office and I want to use a few of them on one interface. Basically, we have too many google requests coming out of one IP and that seems to be causing trouble.
Would Virtual IPs/CARP be the solution to this? Any external Pfsense resources I could look into?
-
If you only have one firewall and not a cluster, you should be able to use CARP or Proxy ARP to accomplish that.
After you add a virtual IP, you can setup manual outbound NAT and set rules that will direct traffic out over whichever VIPs you like.
-
Thanks for the reply :)
If I make an outgoing rule for multiple vIPs, is the WAN static IP still necessary? For example, if I made 3 CARP virtual IPs and a separate outgoing NAT rule for each, would pfsense treat the IPs equally for outgoing traffic in a kind-of round-robin fashion?
Again, apologies if I completely misunderstand the nature of vIPs and CARP.
-
Not usually.
The WAN IP is still needed since it will be used for the firewall itself, just not for traffic leaving your LAN.
As for the outbound NAT rules, they are processed in a first-match-wins fashion. If you have three rules that specify traffic from LAN uses a VIP, it will use whichever one is on top, it won't skip it to use the next one down to do any kind of balancing.
If you want to use them all for your LAN, you'd have to specify the rule in such a way that it matched a different portion of your LAN for each VIP.
