Public IP's / Carp or Other

  • Hello,

    I have been reading the forums, my awesome pfSense book, and the Internet figuring out how to do what I want to do. The goal is to have some webservers with front facing public ips routed to the internal network. I have a interface specifically designated as a DMZ and a continuous /29 from the ISP. I have been reading about carpvip and othervip under NAT 1:1  what are the differences and best options. Is carp or other NAT the best way to front face public ips from the internal network? Thank you very much for your response.

  • Rebel Alliance Developer Netgate

    That depends on how that /29 is delivered to you. If your WAN IP and gateway are inside of that /29, then CARP VIPs would be fine. If that /29 is routed to your WAN IP that resides in another subnet, you can use 'other' type VIPs.

    Either way, 1:1 NAT should be fine.

  • So what I'm gathering from your response Jimp is use 'carpvip' if you can, if its not a possibility than use the 'other'. Am i reading you right? It great to know that you dont need to implement the carp redundancy system to take advantage of carpvip's. By the way I love the book I read it like some people read the bible at night.

  • Rebel Alliance Developer Netgate

    That isn't necessarily always the case. There are cases where Proxy ARP is good, or on 2.0 an IP Alias might be needed. It's all explained in the book and on the wiki. :-)

  • I have 2.0 installed here at home but just for a little while longer I am going to wait to install 2.0 in a production environment. Thanks for all your advice I'll read about Proxy ARP I could of swore I remembered reading something about trouble with FTP.

Log in to reply