Netgate Discussion Forum

    Will VIPs work with IPs on 2 different subnets? *GAVE UP*

    HA/CARP/VIPs

      Guest

      I have a DHCP address from my ISP that is 98.x.x.x (pfSense) and also an extra static IP that is on 195.x.x.x (former mail server).

      Can I make the 195 work on the pfSense with CARP and 1:1 NAT?

      Tried getting it working but I didn't succeed. Could that depend on the different external IPs from different subnets?

      internal LAN is 192.168.55.0/24
      OPT2 is 192.168.93.0/24 <-- mail server .100

      possible?

      regards
      /Fredrik

        dotdash

        I had a similar situation here: http://forum.pfsense.org/index.php/topic,7039.0.html

        My solution was to add the additional VIPs as 'other'.
        Failover worked perfectly for me, as the provider was routing the blocks directly to me. The only issue I had was that the type 'other' VIPs broke the DHCP failover. I never had the time to put together a test system and verify this was a real bug, and not something else. The equipment has since moved to a new location and a contiguous block.

          Guest

          Thanks for the reply. Seems like that box will continue to be on the outside of the pfSense box :/

          http://www.openbsd.org/faq/pf/carp.html

          "CARP works by allowing a group of hosts on the same network segment to share an IP address. This group of hosts is referred to as a "redundancy group". The redundancy group is assigned an IP address that is shared amongst the group members. Within the group, one host is designated the "master" and the rest as "backups". The master host is the one that currently "holds" the shared IP; it responds to any traffic or ARP requests directed towards it. Each host may belong to more than one redundancy group at a time."

          /F

            dotdash

            Adding the 195.x.x.x address as a type 'other' VIP should work, assuming you have a working CARP cluster setup. Re-reading your original post, it looks as if you don't have a CARP cluster, as the WAN is on DHCP. I may have misunderstood your setup. If you are just looking to add a VIP that is outside of your WAN subnet, you should be able to use Proxy-ARP or other for the VIP. There should not be a problem with your setup.

              Guest

              Sorry, I was a bit stressed when I typed the first post.

              It has nothing to do with CARP, only VIPs.

              I tried the setup at work with both IPs in the same subnet and that worked like a charm.

              I just don't get it working here. I have tried "proxy arp" and "other",

              also 1:1 and regular NAT with 195.x.x.x as "external address".
              I have generated traffic from the outside and have never seen any traffic destined for 195.x.x.x.

              Is it possible that my ISP is blocking ARP requests between the VLANs? Or something like that?

              regards /Fredde

                dotdash

                Your ISP should just be routing the IP to you. If you can traceroute to both IPs from another location, you can check if the paths seem different.

                  Guest

                  I have a 3Com with VLANs configured:
                  port 1-6 = internet, where the mail server is located otherwise, without protection of pfSense :/
                  port 13 = dmz1, where I put the mail server when I try to get VIPs working

                  I have several other VLANs running also, so there is no problem with the VLAN config.

                  So the IP is working fine when running externally.

                  Starting to think that the ISP is doing something that prevents this from working for me.

                  Oh well, I'll try some more tomorrow.

                  /F

                    Guest

                    Still not getting it working.

                    I'll add some screenshots.

                    I have tried with and without port forwarding (and removed 1:1); that doesn't work either.

                    Am I missing something here?

                    Do I need to do something on the "NAT outbound" rule?
                    Should I see the external address when typing "arp -a"?
                    I'm trying to connect from the outside on ports 25, 80, 110 and I don't see any traffic at all coming with dest 195.x.x.x.

                    edit3

                    edit4
                    Tried again at work and it works like a charm there. Must be something my ISP is doing, maybe sending me several VLANs or something.
                    /F

                    [Attached screenshots: 1to1.JPG, fw-rules.JPG, portforward.JPG]
