How to borrow a single IP address from a range to test a replacement router?
-
I think this is a pretty stupid question but the answer is beyond my limited network knowledge. The answer might involve CARP, or aliases, or something else. I'm basically lost.
We are using pfSense (1.2.3) as the main router for a (very) small ISP. We are getting a new, faster link in addition to the old link. We're keeping both links; the second will become either a failover or perhaps we'll load-balance across them.
The old router has only two NICs installed and customers are using it 24/7. The new router hardware has three NICs. I want to configure and test the new router with two WAN interfaces before swapping out the old router. In order to fully test the new router (including some failover or load balancing – want to play around and see what we want to do) I'll need to "borrow" at least one of the addresses from the IP range of the old link, without disrupting the old router. (I could reboot it, but it must remain in service for probably several weeks while I test the new router.)
The old link is 1.2.3.64/27 and the old router has this address on its WAN side. Perhaps 20 of those 32 addresses are in use. The new link is 4.5.6.192/28. I can put the entire /28 of the new link on the new router's WAN port, and I intend to eventually put the old link's 1.2.3.64/27 on the new router's AltWAN port, but while testing the new router I want to "borrow" 1.2.3.89/32 from the old link. I know enough to predict that if I put this address onto two interfaces at once, things won't work because both routers will respond to ARPs on that address and that's bad.
Unfortunately the addresses used by the old router are scattered above and below the .89 address; I can't just change it to a smaller range, like 1.2.3.64/29.
Is there a way to associate a disjoint set of addresses with an interface on the old router, so I can move one of the unused IP addresses of the old link to the new router while leaving the old router in full service during the testing period? Basically I want to change the old router's WAN port from .64/27 to something like .64, .65, .66, .67, .90, and .91.
Or maybe I'm going about this all wrong?
-
der57,
First, let me say that I'm new to pfSense, so I may not provide the best information; but I've read the book and used the product enough to think that I understand this part (at least of how I have mine configured).
From my understanding, if you have a range of IP addresses .64/27 (usable addresses of .65 to .94), the router to your ISP is using one of those addresses, the pfSense WAN interface is using another, and any 1-to-1 NAT addresses you have configured are used as well. The 2nd router's WAN can be configured for any unused address for testing.
If I'm way off, let me know.
Carl
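
The address arithmetic behind the question and the reply above, as an added example that is not part of either post: it checks that 1.2.3.89 is a usable, unclaimed host of 1.2.3.64/27, and shows that the set the asker wants to keep on the old router (.64 to .67, .90, .91) cannot be written as a single prefix that leaves .89 out. The function names are made up for this illustration; the addresses come from the question.

```python
import ipaddress

# Values taken from the question.
OLD_LINK = ipaddress.ip_network("1.2.3.64/27")
BORROW = ipaddress.ip_address("1.2.3.89")
# Addresses the asker wants to keep on the old router's WAN port.
KEEP = [ipaddress.ip_address(f"1.2.3.{n}") for n in (64, 65, 66, 67, 90, 91)]


def usable_range(net):
    """First and last host address (network and broadcast excluded)."""
    hosts = list(net.hosts())
    return hosts[0], hosts[-1]


def can_borrow(candidate, net, in_use):
    """True if candidate is a usable host of net that nothing else holds."""
    if candidate not in net:
        return False
    if candidate in (net.network_address, net.broadcast_address):
        return False
    return candidate not in set(in_use)


def exact_prefixes(addresses):
    """Fewest CIDR blocks that cover exactly these addresses and no others."""
    nets = (ipaddress.ip_network(f"{a}/32") for a in addresses)
    return list(ipaddress.collapse_addresses(nets))


def smallest_single_prefix(addresses):
    """Smallest single CIDR block that contains every address given."""
    addrs = sorted(addresses)
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while addrs[-1] not in net:
        net = net.supernet()
    return net


if __name__ == "__main__":
    first, last = usable_range(OLD_LINK)
    print(f"usable hosts on {OLD_LINK}: {first} to {last}")
    print(f"{BORROW} free to borrow: {can_borrow(BORROW, OLD_LINK, KEEP)}")
    print("keep-set as exact prefixes:", [str(n) for n in exact_prefixes(KEEP)])
    single = smallest_single_prefix(KEEP)
    print(f"smallest single prefix: {single} (contains {BORROW}: {BORROW in single})")
```

The keep-set needs two separate prefixes, and the only single prefix that spans it is the original /27, which still contains .89.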