ProxyArp question
-
My network should look like this:
WAN (199.199.199.0/24)
|
pfSense nodes (CARP failover)
|
---LAN (10.20.0.0/16: LAN to be SNATed)
|
---OPT1 (10.30.0.0/16: servers to be DNATed)
|
---OPT2 (199.199.199.10/32, 199.199.199.11/32, ...: servers with external IPs)

I'm struggling to set up the OPT2 part of the network. I have no clue how to make some of the IPs from WAN available to servers on OPT2.
I also use CARP for automatic failover, so bridging WAN and OPT2 would probably be bad.
I do not wish to delegate a subnet and lose 2 IPs + I have no way of knowing how many external IPs I'll need on OPT2 in the future.
On Linux I do it with proxy ARP (ip r a 199.199.199.10 via $OPT2), which basically means that the firewall/router answers on WAN and relays data on to OPT2, where the server answers, listening on the external IPs.

Please help me achieve this setup. I would very much like to replace the command line and bash scripts with a fancy web GUI. :-)
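The Linux proxy ARP setup the poster describes, written out as an added example (this is not code from the post, and it is not a pfSense feature). It assumes hypothetical interface names: eth0 is the WAN interface on 199.199.199.0/24 and eth2 is OPT2, with the servers holding 199.199.199.10 and .11 on their own NICs. Two things the one-line route in the post leaves out are made explicit: on Linux the route by itself does not make the router answer ARP for the published addresses on the WAN segment, so `proxy_arp` has to be switched on for that interface (and `ip_forward` for the box as a whole), and because the servers are directly attached, the host route is `dev eth2` rather than `via` a gateway address. The script refuses to publish an address outside the WAN prefix, since proxy ARP only helps for addresses the upstream router expects to find on that segment. It prints the commands by default and only executes them with `--apply` as root.

```shell
#!/bin/sh
# Proxy ARP for "public IPs on an inside segment" on a Linux router.
# Added example for the thread above; interface names and the WAN prefix
# below are assumptions, not values from the post.

WAN_IF="${WAN_IF:-eth0}"        # faces 199.199.199.0/24 (assumed name)
OPT2_IF="${OPT2_IF:-eth2}"      # servers with public /32s (assumed name)
WAN_NET="${WAN_NET:-199.199.199.0}"
WAN_PLEN="${WAN_PLEN:-24}"

# Dotted quad -> 32-bit integer on stdout; exit 1 on anything malformed.
ip2int() {
    old_ifs="$IFS"; IFS=.
    set -- $1
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET PLEN: true when ADDR lies inside NET/PLEN.
in_subnet() {
    a=$(ip2int "$1") || return 1
    n=$(ip2int "$2") || return 1
    bits="$3"
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# proxy_arp_cmds WAN_IF OPT2_IF NET PLEN ADDR...: emit the commands, one per line.
# Refuses an address outside the WAN prefix: the upstream router will never ARP
# for it on this segment, so answering ARP for it would achieve nothing.
proxy_arp_cmds() {
    wan="$1"; opt2="$2"; net="$3"; plen="$4"; shift 4
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    # Answer ARP on WAN for the published hosts, and on OPT2 for the servers'
    # default gateway, which lives on the WAN side from their point of view.
    printf 'sysctl -w net.ipv4.conf.%s.proxy_arp=1\n' "$wan"
    printf 'sysctl -w net.ipv4.conf.%s.proxy_arp=1\n' "$opt2"
    for ip in "$@"; do
        if ! in_subnet "$ip" "$net" "$plen"; then
            echo "refusing $ip: not inside $net/$plen" >&2
            return 1
        fi
        # More specific than the connected /24 on WAN, so the kernel forwards
        # traffic for this host out of OPT2 instead of back onto WAN.
        printf 'ip route add %s/32 dev %s\n' "$ip" "$opt2"
    done
}

apply=0
if [ "${1:-}" = "--apply" ]; then apply=1; shift; fi
# Constructed sample addresses from the thread when none are given.
[ $# -gt 0 ] || set -- 199.199.199.10 199.199.199.11

if [ "$apply" -eq 1 ]; then
    proxy_arp_cmds "$WAN_IF" "$OPT2_IF" "$WAN_NET" "$WAN_PLEN" "$@" |
    while read -r cmd; do eval "$cmd"; done
else
    proxy_arp_cmds "$WAN_IF" "$OPT2_IF" "$WAN_NET" "$WAN_PLEN" "$@"
fi
```

Run it once without arguments to see the generated commands, then `sudo ./proxyarp.sh --apply 199.199.199.10 199.199.199.11` to configure the box; the servers on OPT2 keep their public address with a /24 mask and the router's WAN-side address as default gateway, exactly as if they were on the WAN segment.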
-
For VIPs, you need to use NAT. If you want to use public IPs directly you'll either have to bridge or use a routed subnet.
-
I could go with a filtered bridge, but won't this break other functionality I want in this setup?
-
And what about QoS, can I still do it for WAN IPs?
-
I could go with a filtered bridge, but won't this break other functionality I want in this setup?
If I enable bridge WAN <> OPT2, then DNAT (WAN<>OPT1) rules stop working.
So bridge isn't a solution.