Just noticed that 2.0 had this fixed. I red the link on my mobile and my eyes hurt reading that table. It seems propper alias is there and that means proxy-arp should no longer be used as it was done as a workaround for the missing alias functionality.
Then I think Brian is right regarding the mac/arp timeout. And if so a reboot of pfsense and router/modem should clear that up quickly. If the modem is a true bridge then you might have to wait for the uplink router to update its arp table. I have had issues with that in the past. Brgds, Espen 9. mars 2015 12:24 skrev "Espen Johansen" <[email protected]>: > My bad. The IP can be in the same subnet as well as in a different subnet. > As far as a true alias goes it is not implemented afaik. Try ifconfig in a > shell and see if your aliases are listed as ips on the interface. If they > where they would respond to ping and have a derived mac from the main > interface and the firewall itself would be able to use them. > > https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses > > Just try the ifconfig command and you will see what I mean. Forget what > the GUI says. > > Brgds, Espen > 9. mars 2015 12:13 skrev "Brian Candler" <[email protected]>: > >> I guess it's time for me to dig out the actual configurations to settle >> this. >> >> * the box with a proxy ARP VIP is running pfSense-2.0.1. (OK, it's >> probably due an upgrade, but when things just work they tend to be left >> alone :-) >> >> The WAN address is x.x.x.x/6.28, and the proxy ARP virtual IP is >> x.x.x.7/32 (i.e. it *is* in the same subnet) >> >> * the box with an IP alias VIP is pfSense-2.1. (Also due an upgrade :-) >> >> It is actually part of a failover pair. The WAN addresses are >> y.y.y.{229,230}/28 and the WAN-CARP interface is y.y.y.228/28. >> The IP Alias interface is y.y.y.238/28 and attached to the WAN-CARP >> interface. I think I did it this way so that the alias moved with the CARP >> master. >> >> In both cases the alias is being used for NAT, and it's working fine, >> i.e. happily responding to ARP from upstream router. >> >> The thing to note about the configuration is that the Proxy ARP VIP has a >> /32 netmask (so it only responds to one address) and the IP Alias VIP has a >> /28 netmask (to match the subnet it is aliased on) >> >> Regards, >> >> Brian. >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> >
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
