Will VIPs work with IPs on 2 different subnets? *GAVE UP*



  • I have a DHCP address from my ISP that is 98.x.x.x (pfSense) and also an extra static IP that is on 195.x.x.x (former mail server).

    Can I make the 195 work on the pfSense with CARP and 1:1 NAT?

    I tried getting it working but I didn't succeed. Could that depend on the different external IPs being from different subnets?

    Internal LAN is 192.168.55.0/24
    OPT2 is         192.168.93.0/24 <-- mail server .100

    Possible?

    Regards
    /Fredrik



  • I had a similar situation here: http://forum.pfsense.org/index.php/topic,7039.0.html

    My solution was to add the additional VIPs as 'other'.
    Failover worked perfectly for me, as the provider was routing the blocks directly to me. The only issue I had was that the type 'other' VIPs broke the DHCP failover. I never had the time to put together a test system and verify this was a real bug, and not something else. The equipment has since moved to a new location and a contiguous block.



  • Thanks for the reply. Seems like that box will continue to be on the outside of the pfSense box :/

    http://www.openbsd.org/faq/pf/carp.html

    "CARP works by allowing a group of hosts on the same network segment to share an IP address. This group of hosts is referred to as a "redundancy group". The redundancy group is assigned an IP address that is shared amongst the group members. Within the group, one host is designated the "master" and the rest as "backups". The master host is the one that currently "holds" the shared IP; it responds to any traffic or ARP requests directed towards it. Each host may belong to more than one redundancy group at a time."

    /F



  • Adding the 195.x.x.x address as a type 'other' VIP should work, assuming you have a working CARP cluster setup. Re-reading your original post, it looks as if you don't have a CARP cluster, as the WAN is on DHCP. I may have misunderstood your setup. If you are just looking to add a VIP that is outside of your WAN subnet, you should be able to use Proxy-ARP or other for the VIP. There should not be a problem with your setup.



  • Sorry, I was a bit stressed when I typed the first post.

    It has nothing to do with CARP, only VIPs.

    I tried the setup at work with both IPs in the same subnet and that worked like a charm.

    I just can't get it working here. I have tried "proxy arp" and "other",

    also 1:1 and regular NAT with 195.x.x.x as "external address".
    I have generated traffic from the outside and have never seen any traffic destined for 195.x.x.x.

    Is it possible that my ISP is blocking ARP requests between the VLANs, or something like that?

    Regards /Fredde



  • Your ISP should just be routing the IP to you. If you can traceroute to both IPs from another location, you can check if the paths seem different.



  • I have a 3Com with VLANs configured:
    port 1-6 = internet, where the mail server is otherwise located without the protection of pfSense :/
    port 13 = dmz1, where I put the mail server when I try to get VIPs working

    I have several other VLANs running also, so there is no problem with the VLAN config.

    So the IP is working fine when running externally.

    Starting to think that the ISP is doing something that prevents this from working for me.

    Oh well, I'll try some more tomorrow.

    /F



  • Still not getting it working.

    I'll add some screenshots.

    I have tried with and without port forwarding (and removed 1:1); that doesn't work either.

    Am I missing something here?

    Do I need to do something on the "nat outbound" rule?
    Should I see the external address when typing "arp -a"?
    I'm trying to connect from the outside on ports 25, 80, 110 and I don't see any traffic at all coming with dest 195.x.x.x.

    edit3

    edit4
    Tried again at work and it works like a charm there. Must be something my ISP is doing, maybe sending me several VLANs or something.
    /F






