I beleive the key to this is proxy arp. Brgds, Espen 8. mars 2015 23:50 skrev "Bryan D." <[email protected]>:
> While we're on the topic, I have a functioning v2.2 setup that uses a /29 > set of static IPs: > - 1 IP is the gateway address and 5 IPs are "usable" (quite common, I > believe) > - one of the "usable" IPs is assigned to the WAN interface > - the other 4 "usable" IPs are assigned to VIPs > - the WAN IP and VIPs have various port-forward and NAT rules associated > with them > - the WAN IP and 2 of the VIPs serve 3 different domains > (e.g., web, email, VPN -- servers are behind the firewall on isolated > LAN) > - one of the other VIPs is used by mobile VPNs (IPsec and OpenVPN) > > All this works nicely ... as long as the VIPs are CARP VIPs. However, > since I'm not using any fail-over/redundancy, I don't think I should > require CARP VIPs (and I suspect that using CARP VIPs is the reason that, > when the cable modem goes down, I can't get at the pfSense webconfigurator > until I unplug the WAN cable ... it's OK after I plug it back in, even if > the cable modem is still down, but it does need to be unplugged???). > > My interpretation of the nice chart and notes on > https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses > leads me to believe that I can switch the CARP VIPs to be IP Alias VIPs. > However, when I do that, the 2 servers for the 2 domains tied to the VIPs > are no longer accessible from the Internet (but IIRC, the mobile VPNs still > work). > > Can anyone suggest what it is that I don't understand (well, limited to > this behavior, at least)? > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold >
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
