Netgate Discussion Forum

ProxyArp question

  • H
    hexa
    last edited by Sep 20, 2007, 11:37 PM

    My network should look like this:

    WAN (199.199.199.0/24)
    |
    pfsense nodes (CARP failover)
    |
    ---LAN (10.20.0.0/16: lan to be SNATed)
    |
    ---OPT1 (10.30.0.0/16: servers to be DNATed)
    |
    ---OPT2 ( 199.199.199.10/32, 199.199.199.11/32,..: servers with external IPs)

    I'm struggling to set up the OPT2 part of the network. I have no clue how to make some of the IPs from WAN available to servers on OPT2.
    I also use CARP for automatic failover, so bridging WAN and OPT2 would probably be bad.
    I do not wish to delegate a subnet and lose 2 IPs, and I have no way of knowing how many external IPs I'll need on OPT2 in the future.
    On Linux I do it with proxy ARP (ip r a 199.199.199.10 via $OPT2), which basically means that the firewall/router answers on WAN and relays data on to OPT2, where the server answers, listening on external IPs.

    Please help me achieve this setup. I would very much like to replace the command line and bash scripts with a fancy web GUI. :-)

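The Linux proxy ARP setup described in the post above, as an added example that is not part of the original post. It prints the commands for per-address proxy entries, so the firewall answers ARP on WAN only for the listed addresses; the interface names eth0 (WAN) and eth2 (OPT2) and both function names are assumptions, and the route uses the `dev` form rather than the post's `via $OPT2`.

```shell
#!/bin/sh
# Added example: emit (not execute) the Linux commands for per-address
# proxy ARP. Interface names are assumptions; addresses are from the post.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: proxy_arp_cmds WAN_IF OPT2_IF ADDR...
# Every address is validated before any command is printed, so a typo
# cannot produce a half-written configuration.
proxy_arp_cmds() {
    wan_if=$1; opt2_if=$2; shift 2
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    # The firewall must forward between WAN and OPT2.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for addr in "$@"; do
        # Host route: traffic for the address leaves via OPT2, not WAN.
        echo "ip route add $addr/32 dev $opt2_if"
        # Proxy neighbour entry: answer ARP for this one address on WAN.
        echo "ip neigh add proxy $addr dev $wan_if"
    done
}

# Constructed run using the two OPT2 server addresses from the post.
proxy_arp_cmds eth0 eth2 199.199.199.10 199.199.199.11
```

Review the printed commands before running them as root; `ip neigh show proxy` lists the proxy entries that are active afterwards.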
    • C
      cmb
      last edited by Sep 21, 2007, 3:52 AM

      For VIPs, you need to use NAT. If you want to use public IPs directly you'll either have to bridge or use a routed subnet.

      • H
        hexa
        last edited by Sep 21, 2007, 8:10 AM

        I could go with a filtered bridge, but won't this break other functionality I want in this setup?

        • H
          hexa
          last edited by Sep 21, 2007, 8:19 AM

          And what about QoS, can I still do it for WAN IPs?

          • H
            hexa
            last edited by Sep 22, 2007, 5:46 PM

            @hexa:

            I could go with a filtered bridge, but won't this break other functionality I want in this setup?

            If I enable bridge WAN <> OPT2, then DNAT (WAN<>OPT1) rules stop working.
            So bridge isn't a solution.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.