Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtual IP's with a /24 public subnet

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    7 Posts 2 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Swordforthelord
      last edited by

      I'm using pfSense 2.0 and I have 5 static IP addresses with my ISP.  Normally I can add the 4 additional addresses as IP Aliases and use them in port forwarding rules but for some reason I cannot in this instance.  My ISP denies there is an issue with the additional IP's so I'm not sure if they're wrong or if the /24 subnet they provide is throwing things off.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        IP Alias should work in that case, as should Proxy ARP or CARP.

        Depending on how the link on your WAN is setup, they may have some additional requirements there. In some cases we have seen where the ISP requires a unique MAC address for each IP, so using CARP VIPs might help there.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          Swordforthelord
          last edited by

          Thanks.  I just checked and they said they don't require it.  It's crazy, I have the exact same setup at my own office but with a different ISP; everything I test here works perfectly but nothing works there.  I'm still not sure if it's the ISP or if the router is corrupt (mostly because I don't want it to be the ISP; they don't have the most knowledgeable tech support); it's been there since Beta 1 or 2.  I may have to default the router and put in a bare bones setup and test again.  If that fails, I'm not sure how to get the ISP to recognize their issue.

          1 Reply Last reply Reply Quote 0
          • S
            Swordforthelord
            last edited by

            Okay, I'm getting some VERY strange behavior from the Virtual IP page.  I'm still trying to get these public IP's to work.  Let's say they are:
            1.1.1.83/24
            1.1.1.84/24
            1.1.1.85/24
            1.1.1.86/24
            Just a reminder, /24 is the actual subnet my isp provides.  For the .83 entry, I am missing options present for the other 3 virtual IPs.  For certain types, I cannot change the subnet and I do not have the option to "Disable expansion of this entry into IPs on NAT lists" for ANY of the VIP types in the .83 entry.

            Screenshot.3.jpg
            Screenshot.3.jpg_thumb
            Screenshot.4.jpg
            Screenshot.4.jpg_thumb

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              The screenshot you show looks right.

              IP Alias is always a single address and always has a subnet mask.

              Proxy ARP can be a single address or a "network". When it's set to single address you don't choose a subnet for proxy arp, when it's set to a network that subnet mask controls how many proxy ARP VIPs are created, and you can disable the NAT expansion only then because with a single address you cannot expand it.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • S
                Swordforthelord
                last edited by

                Augh, sorry, I'm so aggravated with this that I'm clutching at straws. :)

                1 Reply Last reply Reply Quote 0
                • S
                  Swordforthelord
                  last edited by

                  Update, I finally got the ISP out there and it was an issue on their side so all is well now.  Thanks again!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.