On 2/6/06, Brad Bendy <[EMAIL PROTECTED]> wrote:
> Yeah, exactly! Another twist to it is actually then to have CARP on top of the whole
> thing for failover firewalls :) I knew I would have to use Virtual IPs, but
> I'm still confused on how I would define the new default gateway for the
> second subnet, and also I might have to set up a second LAN subnet so I can
> NAT the whole thing. I'm seeing if they can give me each subnet over a
> separate VLAN, since then I have two "interfaces" per se. Any ideas though
> on my gateway issue and the second private subnet for NAT purposes. Google
> seems no help since I think no one is doing this really, heh.
Personally, I'd have them drop both subnets down your pipe and just deal with them on your end. You will need to put a static route on your WAN modem (I didn't catch if this was DSL, so I won't specify a technology here) pointing the new subnet to your existing pfSense box (CARP IP if multiple boxes). In this case, you only need CARP virtual IPs for the existing subnet; you'll want "other" virtual IPs for the new subnet (no need to run CARP on them, the packets are already routed to "the right place").

Right now you can't put interface aliases on interfaces in pfSense (that code is work in progress) and we don't yet support carpdev, so the alternative method of just running two IP subnets on top of the same layer 2 network won't work here.

The last alternative is putting another NIC in the pfSense box to handle the other IPs on the same VLAN, but unless your modem can provide you with a second address (the policy based routing requires unique gateway addresses), that's unlikely to work.

At any rate, you've got a couple of options (you already mentioned VLANs) and I'm confident that there are at least two ways this _could_ work, one of which I know will work.

--Bill
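As an added illustration of the routed-second-subnet design Bill describes (not code from the thread or from pfSense), the check below validates the plan before anyone touches the modem: the static route's next hop (the firewall's CARP IP) must sit inside the existing WAN subnet, the new subnet must not overlap it, and every usable address in the new subnet becomes a candidate "other" virtual IP. All addresses are constructed sample values from documentation ranges.

```python
import ipaddress


def plan_routed_subnet(wan_net, carp_ip, modem_ip, new_net):
    """Validate routing a second public subnet to an existing pfSense box.

    wan_net  - the subnet already on the WAN interface (constructed sample)
    carp_ip  - the firewall's CARP (or single-box WAN) address on wan_net
    modem_ip - the modem's address on wan_net, i.e. the current default gateway
    new_net  - the additional subnet the ISP will route down the same pipe

    Returns the modem static route, the list of addresses to define as
    "other" VIPs on pfSense, and any problems found with the plan.
    """
    wan = ipaddress.ip_network(wan_net, strict=False)
    carp = ipaddress.ip_address(carp_ip)
    modem = ipaddress.ip_address(modem_ip)
    new = ipaddress.ip_network(new_net, strict=False)
    problems = []

    # Same address family is required before any containment/overlap checks.
    if new.version != wan.version:
        problems.append("address family mismatch between WAN and new subnet")
        return {"modem_static_route": None, "other_vips": [], "problems": problems}

    # The modem can only forward to a next hop it can reach directly.
    if carp not in wan:
        problems.append(f"next hop {carp} is not inside WAN subnet {wan}")
    if modem not in wan:
        problems.append(f"modem address {modem} is not inside WAN subnet {wan}")
    # A routed subnet must be distinct from the one already on the wire;
    # otherwise it is the alias/carpdev case the thread says is not supported.
    if new.overlaps(wan):
        problems.append(f"new subnet {new} overlaps WAN subnet {wan}")
    # Network and broadcast addresses are not usable as VIPs.
    if new.prefixlen >= new.max_prefixlen - 1:
        problems.append(f"new subnet {new} has no usable host addresses")

    # Because the whole block is routed to the firewall, no CARP is needed on
    # these addresses; they are plain "other" VIPs that pfSense answers for.
    other_vips = [str(h) for h in new.hosts()] if not problems else []
    route = f"{new} via {carp}" if not problems else None
    return {"modem_static_route": route, "other_vips": other_vips, "problems": problems}
```

The modem's static route is the only piece that lives outside the firewall; everything else (VIPs, 1:1 or outbound NAT onto a private LAN) is configured on pfSense against the returned VIP list.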
