On Mar 9, 2015, at 8:08 AM, Espen Johansen <[email protected]> wrote:
> Use IP alias if you are on 2.0+
> If you need redundancy (2xpfsense) use carp. All the other options are poor
> workarounds created when pfsense did not support true interface alias.
>
I usually use Proxy ARP for 1:1 NAT virtual IP aliases. That way, an IP
address isn't assigned to an interface on the pfSense firewall itself. If you
are using packages or services on the pfSense firewall that bind to all
addresses ("0.0.0.0") then these will bind to your 1:1 NAT public addresses,
too. With Proxy ARP, there's no IP address to bind to.
IP Aliases are fine, but I find Proxy ARP fine for 1:1 NAT.
Cheers,
Paul.
> Brgds, Espen
>
> 8. mars 2015 16:18 skrev "Tim Hogan" <[email protected]>:
> I have seen that page and I don't know about "saying it all". I still cannot
> figure out what the advantages and disadvantages are. All I want is to be
> able to do a 1:1 NAT with some public IP addresses. These addresses do not
> need to be used by the firewall directly. So in this case it would sound
> like using Proxy ARP would be the best choice. But are there any
> disadvantages? What about performance?
>
> Regards.
>
> On 3/8/2015 7:42 AM, PiBa wrote:
> Says it all: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
> Which is better, that depends on what you need it to do.
>
> Tim Hogan schreef op 8-3-2015 om 13:48:
> I am setting up my firewall to do 1:1 NAT with a block of public IP
> addresses. I have found several posts about setting up 1:1 NAT and some of
> them say to use Proxy ARP when creating the Virtual IP and others say to use
> IP Alias. Can someone full explain the difference between the two and offer
> an opinion as to which would be better to use?
>
> Regards
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
