Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Public IP's / Carp or Other

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    5 Posts 2 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      twistedstorm
      last edited by

      Hello,

      I have been reading the forums, my awesome pfSense book, and the Internet figuring out how to do what I want to do. The goal is to have some webservers with front facing public ips routed to the internal network. I have a interface specifically designated as a DMZ and a continuous /29 from the ISP. I have been reading about carpvip and othervip under NAT 1:1ย  what are the differences and best options. Is carp or other NAT the best way to front face public ips from the internal network? Thank you very much for your response.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That depends on how that /29 is delivered to you. If your WAN IP and gateway are inside of that /29, then CARP VIPs would be fine. If that /29 is routed to your WAN IP that resides in another subnet, you can use 'other' type VIPs.

        Either way, 1:1 NAT should be fine.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • T
          twistedstorm
          last edited by

          So what I'm gathering from your response Jimp is use 'carpvip' if you can, if its not a possibility than use the 'other'. Am i reading you right? It great to know that you dont need to implement the carp redundancy system to take advantage of carpvip's. By the way I love the book I read it like some people read the bible at night.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            That isn't necessarily always the case. There are cases where Proxy ARP is good, or on 2.0 an IP Alias might be needed. It's all explained in the book and on the wiki. :-)

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • T
              twistedstorm
              last edited by

              I have 2.0 installed here at home but just for a little while longer I am going to wait to install 2.0 in a production environment. Thanks for all your advice I'll read about Proxy ARP I could of swore I remembered reading something about trouble with FTP.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.