Netgate Discussion Forum

Static IPs and CARP related questions

  • S
    srs06
    last edited by Feb 29, 2012, 3:21 PM

    I'm running pfSense 2.0 on an appliance I built. So far, no issues.  The set-up is for a very small business.

    I have Verizon FiOS with 5 static IPs.  My IP block is its own /29 subnet but the Verizon GW is in a /24 subnet.  The only way I've gotten multiple IPs to work so far (I've only used one of the extras) is to create a VIP group with CARP.  So my first question is: Is this really a routed subnet I just didn't figure out how to set up?  I'm thinking the router has to be in the same subnet.  If not, do I really need CARP here?  I also tried using Proxy ARP but couldn't get it to work.  I suspect that was just me not understanding something there.  Any guidance here appreciated.  I have the book as a reference.

    Second, to go to CARP failover do I then definitely need a routed subnet?  If not, can failover CARP coexist with my existing CARP VIPs?

    Lastly, if I get that far, I still have only 5 IPs.  I'd like to NAT the secondary router IP for secondary DNS.  Can the secondary be used like that?  I'm wondering if I also have to get a bigger block.  In a single router set-up I'd have a need for at least 3 of the 5 static IPs (maybe 4).  I'm wondering what the math is to extend that – I assume it's not always just doubling it since the secondary is usually not routing anything (only that secondary DNS if that sort of set-up is possible).

    • S
      srs06
      last edited by Mar 1, 2012, 3:11 AM

      Some more details/ideas here after reading the book again:

      Since I don't appear to have a true routed subnet, it looks like I could connect a switch to the Verizon ONT.  Off that switch I'd see my 5 IPs (I believe I did test this back at install time).  I'd use 3 of those 5 for a CARP failover set-up.  If that's all true (I think it is), then my question is how I can use the other 2 IPs.  Without the switch I use CARP/VIPs to associate those other addresses to my primary IP.  It's not clear to me how that looks with a switch in between the two now.  Seems like I could either still do the CARP/VIP trick (switch has no effect other than splitting off the two IPs I need to separate for failover), or it seems like I might have to have pfSense see the split extra IPs as multiple WAN IPs (which I'd use without failover).  The problem with that second scenario would seem to be that I can no longer pool the extras for a set of NAT rules to fan them out to the DMZ behind pfSense – that if I split them either one pfSense box would get the extra two, or each pfSense box (primary, secondary) would get one of the two extras.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.