Using Virtual IPs with PFSense to use Static U-verse IPs



  • Hello,

    I'm attempting to use PFSense to pull down one of my 5 Statics from the U-verse RG.  In order to do this, I need to have a unique MAC address for each IP address.  I've been looking at Virtual IPs under Firewall but am unclear which option to use (Proxy ARP, CARP, Other, IP Alias) and what information to put in each field.

    Is there a walkthrough or WIKI or a configuration that someone could share?

    Thanks!



  • I think there are some docs on docs.pfsense.com that you can follow.
    When you create a CARP (this is what I use) VIP it creates a unique MAC for that VIP. I am not sure about the others, but my guess is that they do.



  • Thanks - couldn't find a lot.  If anyone has a working configuration for U-verse I'd certainly like to see it.



  • There is a chapter or 2 in the pfSense book. I hope there is going to be a version 2.0 book out soon, unless they are going to wait till 2.1 to do it.



  • Thanks - I was able to get the virtual IPs working in CARP. The trick was making the RG recognize they existed.  I simply had to initiate a ping with the source address being the static to the RG and it recognized the new fictitious device.

    My only remaining question now is how do I assign one of my Static IPs to a device?  I can't do it via DHCP - it says the device isn't on the same subnet.  I'm assuming the firewall is protecting the statics as well - the 2Wire RG firewall for the statics is disabled.

    Thanks



  • That is where NAT comes into play. You can choose port-forward or 1:1 NAT type.
    Basically you are going to assign the device a static IP or a reservation in DHCP on the LAN subnet, and then use NAT to redirect traffic to the internal IP. You will also have to make sure firewall rules exist if you are going to use 1:1 as port-forward will by default auto-create the FW rules for you.



  • Thanks - you've been a great help.  I know my CARP configuration is correct as it works fine in NAT mode with each port called out but I really need a 1:1 map with all traffic exposed.

    Can you confirm if I am configuring this correctly?

    Interface: WAN
    External Subnet IP: <Virtual IPs in here>
    Internal IP: 10.0.0.22 <this is one of my private IPs that I want to map an external public IP>
    Destination: ANY

    Thanks very much



  • Yes, that sounds correct. Just don't forget the firewall rules. The destination is not the external IP, but the internal IP (10.0.0.22).
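
The last reply's point, that the WAN rule's destination is the internal IP, follows from inbound packets being translated before the filter rules are evaluated. The sketch below is an added example (not from the thread and not pfSense's own code) that models that order; 203.0.113.10 is a constructed stand-in for one of the public statics, port 443 is a constructed choice, and first-match evaluation with a default block is a simplifying assumption.

```python
"""Toy model of inbound WAN processing with 1:1 NAT: translate first, then filter."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed mapping: public static (documentation range) -> internal host from the thread.
ONE_TO_ONE = {ip_address("203.0.113.10"): ip_address("10.0.0.22")}


@dataclass(frozen=True)
class Rule:
    dst: str                    # destination host or network the pass rule matches
    port: Optional[int] = None  # None means any port


def translate_inbound(dst):
    """Rewrite a public destination to its mapped internal host, if a mapping exists."""
    return ONE_TO_ONE.get(dst, dst)


def wan_inbound(dst, port, rules):
    """Return (action, destination the filter saw). First match passes, default is block."""
    seen = translate_inbound(ip_address(dst))
    for rule in rules:
        if seen in ip_network(rule.dst) and rule.port in (None, port):
            return "pass", str(seen)
    return "block", str(seen)


def translate_outbound(src):
    """Traffic from the mapped internal host leaves with the public address as source."""
    reverse = {inside: outside for outside, inside in ONE_TO_ONE.items()}
    addr = ip_address(src)
    return str(reverse.get(addr, addr))


# Rule written against the public address: it never matches, because the
# filter only sees the already-translated destination.
RULES_PUBLIC_DST = [Rule("203.0.113.10")]
# Rule written against the internal address, as the last reply describes.
RULES_INTERNAL_DST = [Rule("10.0.0.22")]
# Same destination, limited to one port instead of all traffic.
RULES_INTERNAL_443 = [Rule("10.0.0.22", 443)]

if __name__ == "__main__":
    cases = [("public dst", RULES_PUBLIC_DST),
             ("internal dst", RULES_INTERNAL_DST),
             ("internal dst, 443 only", RULES_INTERNAL_443)]
    for name, rules in cases:
        for port in (443, 22):
            print(f"{name:24} port {port:<4}", wan_inbound("203.0.113.10", port, rules))
```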

