    Static IPs and CARP related questions

    HA/CARP/VIPs
      srs06 last edited by

      I'm running pfSense 2.0 on an appliance I built. So far, no issues.  The set-up is for a very small business.

      I have Verizon FiOS with 5 static IPs.  My IP block is its own /29 subnet but the Verizon GW is in a /24 subnet.  The only way I've gotten multiple IPs to work so far (I've only used one of the extras) is to create a VIP group with CARP.  So my first question is: Is this really a routed subnet I just didn't figure out how to set up?  I'm thinking the router has to be in the same subnet.  If not, do I really need CARP here?  I also tried using Proxy ARP but couldn't get it to work.  I suspect that was just me not understanding something there.  Any guidance here appreciated.  I have the book as a reference.

      Second, to go to CARP failover do I then definitely need a routed subnet?  If not, can failover CARP coexist with my existing CARP VIPs?

      Lastly, if I get that far, I still have only 5 IPs.  I'd like to NAT the secondary router IP for secondary DNS.  Can the secondary be used like that?  I'm wondering if I also have to get a bigger block.  In a single router set-up I'd have a need for at least 3 of the 5 static IPs (maybe 4).  I'm wondering what the math is to extend that – I assume it's not always just doubling it since the secondary is usually not routing anything (only that secondary DNS if that sort of set-up is possible).

        srs06 last edited by

        Some more details/ideas here after reading the book again:

        Since I don't appear to have a true routed subnet, it looks like I could connect a switch to the Verizon ONT.  Off that switch I'd see my 5 IPs (I believe I did test this back at install time).  I'd use 3 of those 5 for a CARP failover set-up.  If that's all true (I think it is), then my question is how I can use the other 2 IPs.  Without the switch I use CARP/VIPs to associate those other addresses to my primary IP.  It's not clear to me how that looks with a switch in between the two now.  Seems like I could either still do the CARP/VIP trick (switch has no effect other than splitting off the two IPs I need to separate for failover), or it seems like I might have to have pfSense see the split extra IPs as multiple WAN IPs (which I'd use without failover).  The problem with that second scenario would seem to be that I can no longer pool the extras for a set of NAT rules to fan them out to the DMZ behind pfSense – that if I split them either one pfSense box would get the extra two, or each pfSense box (primary, secondary) would get one of the two extras.
