Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP Aliasses on single NIC

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      goran
      last edited by

      Hi Guys,

      Strangly enough I can't seem to find a 'real' awnser to this.

      I've been looking at multiple related topics in the forum but can't find any closes topics.

      Short story:

      I'm looking to install two clustered firewalls/routers infront of a VMWARE ESX clustered enviroment running about 20 to 30 virtualized servers defided in about 10 ip subnets. Let's say 192.168.1.0/24 , 192.168.2.0/24 , 192.168.3.0/24 and so on. Because they are running servers for different goals they can't be on the same subnet.

      Now, because of some features there is a /24 'real' subnet available in the datacenter connected to the AMS-IX. I'll be using 30 to 40 of those. So the wan will be running 83.82.81.1/24 , 83.82.81.2 , 83.82.81.3 and so on.

      Because I can't have as many nic's in the system as I need IP's I would like to know if PfSense supports  IP alliassing.

      For the sake of argument let's say I have only two physical nic's next to the carp nic in each server. Is it possible to run this many VIP's on 1 or 2 NIC's while still having full functionallity (firewalling, PAT…..)?

      Thanks very much!

      Kind Regards.

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        Traditional FreeBSD alias' are not currently supported. There is an open bounty, if you are interested in sweetening the pot. Barring that, you probably just want to use a VLAN switch and create separate VLANs for the subnets. You can alias as many publics from your WAN subnet as you need and have them fail over with CARP. I'm assuming the Vmware cluster will work with this setup, but don't really have any experience with Vmware, so YMMV…

        1 Reply Last reply Reply Quote 0
        • R
          ryall
          last edited by

          I've been successful in adding VIP's using these commands for each VIP in the pfsense config (xl0 is my WAN interface):

          
           <system>...
          <shellcmd>ifconfig xl0 10.1.1.254 alias</shellcmd>
          <shellcmd>route add 10.1.1.0/24 -iface xl0</shellcmd>
          ...</system> 
          

          Note I then had to add manual outbound NAT for each VIP created (192.168.10.0 is my LAN subnet):

          WAN | 192.168.10.0 | * | 10.1.1.0/24 | * | 10.1.1.254 | * | NO
          …
          WAN | 192.168.10.0 | * | * | * | 192.168.0.2 | * | NO

          (The second entry is the actual WAN interface IP)

          I set this up a while ago, and foolishly didn't document any of it! So I hope this makes sense to you.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.