Virtual IP ARP entry spoofing - is it possible?



  • My setup is as follows:

    ISP_Router_(IF:x.x.x.1)----(IF:x.x.x.5)_pfSense(VM)_GREEN_LAN(IF:y.y.y.5)----Switch----Internal_Devices

    I have a virtual IP configured on pfSense as x.x.x.12 and a Port Forward rule sending all traffic from x.x.x.12:443 -> y.y.y.202:443

    This worked fine until I upgraded to Fibre and the ISP changed my router. Having snooped the traffic on the WAN interface of the pfSense I can see what the issue is but am unsure how to proceed.

    The old ISP router was able to forward traffic to the VIP (x.x.x.12) using IP address.

    The new router (HG633) seems to only be able to forward to a MAC address. I have confirmed this by snooping the WAN interface and can see the external traffic being targeted at the x.x.x.5 (WAN) interface, not the x.x.x.12 (VIP) interface.

    Is it possible to set up a VIP with an alternate (spoofed?) ARP address? I've looked around the GUI and tried various VIP types but there doesn't seem to be an option.

    If anyone has any ideas it would be much appreciated. 'Talking' to the ISP is proving challenging.



  • CARP IPs use virtual MACs. That's usually what people do in that circumstance.



  • Thanks for the response. I'm not sure how this helps. I've looked at CARP settings and configurations and I'm unable to work out what needs to be done. If you have an example you can share I would appreciate it.

    Thanks
    Shaun



  • It's automatic; the MAC of the CARP IP is determined by its VHID.
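An added example, not code from this thread or from pfSense, showing how the CARP virtual MAC follows from the VHID (the 00:00:5e:00:01:<VHID> convention CARP shares with VRRP) and how a quick check over sniffed WAN frames can confirm whether traffic for the VIP is now reaching the CARP MAC or still the physical WAN MAC, which is the symptom the original poster saw. The VIP, the WAN MAC and the "dst_mac dst_ip" capture format are constructed placeholders.

```python
# Added example (not from the thread): derive the CARP virtual MAC for a VHID and check
# sniffed WAN frames to see whether traffic for the VIP is hitting that MAC or the
# physical WAN interface MAC. Addresses and MACs below are constructed placeholders.

VIP = "x.x.x.12"               # placeholder for the pfSense virtual IP from the thread
WAN_MAC = "00:11:22:33:44:55"  # constructed: physical MAC of the pfSense WAN interface


def carp_virtual_mac(vhid: int) -> str:
    """CARP/VRRP virtual MAC is 00:00:5e:00:01:<VHID>; VHID must be 1..255."""
    if not 1 <= vhid <= 255:
        raise ValueError(f"VHID out of range: {vhid}")
    return f"00:00:5e:00:01:{vhid:02x}"


def parse_frames(capture: str):
    """Parse constructed 'dst_mac dst_ip' lines (one frame per line)."""
    frames = []
    for line in capture.strip().splitlines():
        dst_mac, dst_ip = line.split()
        frames.append((dst_mac.lower(), dst_ip))
    return frames


def classify_vip_frames(frames, vhid: int):
    """Split frames destined for the VIP into those that hit the CARP MAC
    and those addressed to any other MAC (e.g. the WAN interface MAC)."""
    expected = carp_virtual_mac(vhid)
    ok, misdirected = [], []
    for dst_mac, dst_ip in frames:
        if dst_ip != VIP:
            continue
        (ok if dst_mac == expected else misdirected).append(dst_mac)
    return ok, misdirected


# Constructed sample: two frames for the VIP, one addressed to the CARP MAC (VHID 12),
# one still addressed to the WAN interface MAC, as the original poster observed.
SAMPLE_CAPTURE = """
00:00:5e:00:01:0c x.x.x.12
00:11:22:33:44:55 x.x.x.12
00:11:22:33:44:55 x.x.x.5
"""

if __name__ == "__main__":
    good, bad = classify_vip_frames(parse_frames(SAMPLE_CAPTURE), vhid=12)
    print(f"VIP frames at CARP MAC: {len(good)}, at other MACs: {len(bad)}")
```

Any VIP frame that lands in the "other MACs" bucket means the upstream router is still resolving the VIP to the wrong hardware address, so the CARP VIP is not yet what it is answering ARP for.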