On 03/08/2015 06:50 PM, Bryan D. wrote:
> My interpretation of the nice chart and notes on
> https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
> leads me to believe that I can switch the CARP VIPs to be IP Alias VIPs.
> However, when I do that, the 2 servers for the 2 domains tied to the VIPs are
> no longer accessible from the Internet (but IIRC, the mobile VPNs still work).
>
> Can anyone suggest what it is that I don't understand (well, limited to this
> behavior, at least)?

As has been hinted at elsewhere in the thread, your problem is likely layer 2-related.

CARP VIPs get their own unique MAC address. Proxy ARP and IP Alias VIP MAC addresses are shared with the NIC itself. Changing from CARP to Proxy ARP or IP Alias would cause the MAC address of the VIP to change, which may require clearing the ARP cache on the modem/upstream router/etc.

Another possibility is that your upstream requires each additional IP address to have a unique MAC address. We have seen this with some ISPs / certain modems and it's a bit of a pain. CARP works around it because each VIP on a different VHID has a unique MAC address, where IP alias and Proxy ARP VIPs all have the same MAC address.

So there isn't a clear answer here. Likely, it would be OK to use Proxy ARP, but you'll need to reboot the modem or upstream router. If that still fails and CARP works, then your ISP or upstream equipment must be expecting each IP to have a unique MAC address.

Jim
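
The stale-ARP case described in the reply can be checked from an upstream device's ARP table. The following is an added example, not part of the original message or of pfSense: it assumes BSD-style `arp -an` output, and the addresses, NIC MAC and function names are constructed for illustration.

```python
import re

# CARP uses the VRRP virtual-MAC range 00:00:5e:00:01:<VHID>; the last octet is the VHID.
CARP_PREFIX = "00:00:5e:00:01:"
# Assumed input format: BSD-style `arp -an` lines such as
# "? (203.0.113.10) at 00:00:5e:00:01:01 on em0 expires in 900 seconds [ethernet]"
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)

def parse_arp(text):
    """Return {ip: mac} from arp -an style output; incomplete entries are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}

def classify_vips(arp_text, vips, nic_mac):
    """Classify how the upstream device currently resolves each VIP."""
    table = parse_arp(arp_text)
    nic_mac = nic_mac.lower()
    result = {}
    for ip in vips:
        mac = table.get(ip)
        if mac is None:
            result[ip] = "no-entry"            # never resolved, or entry flushed
        elif mac == nic_mac:
            result[ip] = "nic-mac"             # what IP Alias / Proxy ARP should show
        elif mac.startswith(CARP_PREFIX):
            # Cache still points at the old CARP virtual MAC: clear it or reboot the device.
            result[ip] = "stale-carp-vhid-%d" % int(mac[-2:], 16)
        else:
            result[ip] = "other-mac"           # some other host answers for this IP
    return result

# Constructed sample: an upstream ARP table after the VIPs were changed to IP Alias.
SAMPLE = """\
? (203.0.113.1) at 00:11:22:33:44:55 on em0 expires in 1100 seconds [ethernet]
? (203.0.113.10) at 00:00:5e:00:01:01 on em0 expires in 900 seconds [ethernet]
? (203.0.113.11) at 00:11:22:33:44:55 on em0 expires in 1190 seconds [ethernet]
? (203.0.113.12) at (incomplete) on em0 [ethernet]
"""

if __name__ == "__main__":
    vips = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for ip, state in classify_vips(SAMPLE, vips, "00:11:22:33:44:55").items():
        print(ip, state)
```

A `stale-carp-vhid-N` result points to the cached-MAC explanation; it says nothing about whether the upstream also insists on one MAC per IP.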