I guess it's time for me to dig out the actual configurations to settle
this.
* the box with a proxy ARP VIP is running pfSense-2.0.1. (OK, it's
probably due an upgrade, but when things just work they tend to be left
alone :-)
The WAN address is x.x.x.x/6.28, and the proxy ARP virtual IP is
x.x.x.7/32 (i.e. it *is* in the same subnet)
* the box with an IP alias VIP is pfSense-2.1. (Also due an upgrade :-)
It is actually part of a failover pair. The WAN addresses are
y.y.y.{229,230}/28 and the WAN-CARP interface is y.y.y.228/28.
The IP Alias interface is y.y.y.238/28 and attached to the WAN-CARP
interface. I think I did it this way so that the alias moved with the
CARP master.
In both cases the alias is being used for NAT, and it's working fine,
i.e. happily responding to ARP from upstream router.
The thing to note about the configuration is that the Proxy ARP VIP has
a /32 netmask (so it only responds to one address) and the IP Alias VIP
has a /28 netmask (to match the subnet it is aliased on)
Regards,
Brian.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
