• My goal here is to be able to allow our clients to assign themselves a fully routable external IP from a second subnet.  Our setup consists of two PFS boxes running 1.01 with CARP failover.  Our clients currently get internal IP addresses via DHCP.  Advanced outbound routing is turned on.

    We are trying to use this idea provided by m0n0wall's documentation: http://doc.m0n0.ch/handbook/faq-ipalias.html.

    Basically, using a separate physical interface on the machines, we connected it (OPT2) to our WAN switch and assigned it an IP of xxx.xxx.xxx.2.  A static route in our router connects our two subnets together via .2.

    Now that we have our second subnet assigned to OPT2, we would like to be able to let clients use these IPs on the subnet.  We created a firewall rule on OPT2 to allow traffic to/from the LAN interface and vice versa.

    Clients that try to use these external IPs from the OPT2 interface are not even able to ping their gateway or anything else.  I can, however, ping these external IPs from an external network.  I also tried assigning the IP that the client was trying to use as a virtual IP.  Our WAN CARP address is .2 on the first subnet.  Could this be causing problems?

    How can I make this work properly?


  • We have a similar setup to yours; I'd like to know if this would work. The m0n0wall doc seems like it would. Has anyone else had any luck with this type of setup?
    Does your upstream provider have a static route for the second subnet? What does it point to on your network?
    We have a static route for our second public block that points to the WAN/CARP address on ours, and this setup does not seem to work….

  • No one has any clue?  Seems like this would be a common setup.