IP Aliasses on single NIC



  • Hi Guys,

    Strangly enough I can't seem to find a 'real' awnser to this.

    I've been looking at multiple related topics in the forum but can't find any closes topics.

    Short story:

    I'm looking to install two clustered firewalls/routers infront of a VMWARE ESX clustered enviroment running about 20 to 30 virtualized servers defided in about 10 ip subnets. Let's say 192.168.1.0/24 , 192.168.2.0/24 , 192.168.3.0/24 and so on. Because they are running servers for different goals they can't be on the same subnet.

    Now, because of some features there is a /24 'real' subnet available in the datacenter connected to the AMS-IX. I'll be using 30 to 40 of those. So the wan will be running 83.82.81.1/24 , 83.82.81.2 , 83.82.81.3 and so on.

    Because I can't have as many nic's in the system as I need IP's I would like to know if PfSense supports  IP alliassing.

    For the sake of argument let's say I have only two physical nic's next to the carp nic in each server. Is it possible to run this many VIP's on 1 or 2 NIC's while still having full functionallity (firewalling, PAT…..)?

    Thanks very much!

    Kind Regards.



  • Traditional FreeBSD alias' are not currently supported. There is an open bounty, if you are interested in sweetening the pot. Barring that, you probably just want to use a VLAN switch and create separate VLANs for the subnets. You can alias as many publics from your WAN subnet as you need and have them fail over with CARP. I'm assuming the Vmware cluster will work with this setup, but don't really have any experience with Vmware, so YMMV…



  • I've been successful in adding VIP's using these commands for each VIP in the pfsense config (xl0 is my WAN interface):

    
     <system>...
    <shellcmd>ifconfig xl0 10.1.1.254 alias</shellcmd>
    <shellcmd>route add 10.1.1.0/24 -iface xl0</shellcmd>
    ...</system> 
    

    Note I then had to add manual outbound NAT for each VIP created (192.168.10.0 is my LAN subnet):

    WAN | 192.168.10.0 | * | 10.1.1.0/24 | * | 10.1.1.254 | * | NO

    WAN | 192.168.10.0 | * | * | * | 192.168.0.2 | * | NO

    (The second entry is the actual WAN interface IP)

    I set this up a while ago, and foolishly didn't document any of it! So I hope this makes sense to you.


Log in to reply