Re: [pfSense Support] Multiple IPs

Wed, 04 Jul 2007 21:07:21 -0700 

What did the trick for you?

On 05/07/2007, at 1:06 AM, Dave Cabot wrote:


Ok, she's working.  Thanks guys, esp Tim.

Dave

-----Original Message-----
From: Dave Cabot [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 10:20 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs

Let me be pedantic.
By router maybe you mean the modem that's upline of the firewall. Pls let 
me know.
Also, let go over some of the details of my config so you can tell me if 
I've done something stupid:
In Interfaces | WAN I have the IP address configured as X.X.X. 146/29 and the 
gateway x.x.x.145.

In Firewall | Virtual IPs I have four defined:

X.x.x.147/32  Proxy ARP
X.x.x.148/32  Proxy ARP
X.x.x.149/32  Proxy ARP
X.x.x.150/32  Proxy ARP
Now, assuming that I've done this correct, I've added some Firewall | NAT | 
Port Forwards based off of the Virtual IP & port.
If all this is correct, then all I should have to do is reboot the ISP's 
modem.

Dave

-----Original Message-----
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 7:27 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs

The IP's are in the same subnet right?
If you can use the ip's bypassing pfSense, then pfSense can use the IP's.
Add them to the Virtual IP's list, apply your settings and then reboot the 
router (not pfSense, fyi...maybe that is where you have been stuck)
What this does is pfSense now answers for the IP's you've added to the list. If they are usuable, then pfSense will respond to them. IF you are still having trouble, power down your router for a longer period of time. It is necessary for it to clear it's cache and resend it's arp requests so pfSense 
can respond.

I guarantee it is not an issue with pfSense I have it working on every
install I've done (that needed multiple IP's that is) -Tim

-----Original Message-----
From: Dave Cabot [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 6:10 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs
Didn't work. What can we do to collect info in order to determine what the actual problem is? If it's the kernel, we need to know so a patch may be 
done.

Dave

-----Original Message-----
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 4:40 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs
And be sure to reboot your router! Sometimes the cache time is reallllly 
long -tim

-----Original Message-----
From: Dave Cabot [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 3:16 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs
I did try that and as you said, it doesn't work. I'm going to try to switch interfaces and see if it'll work on the vr0 device. (currently using a 
rl0).

Thanks,
Dave

-----Original Message-----
From: jai lamerton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 12:37 AM
To: [email protected]
Subject: Re: [pfSense Support] Multiple IPs

Dave, its under firewall->Virtual IP's
It's interesting but as I mentioned before I tried to get proxy ARP to work but couldn't get pfsense to respond to "who has" arp requests for any IP 
other than the WAN.
Does anyone know if some network cards are just so shitty (rl0) that they 
will now work with proxy ARP?
I would assume it has to do with the kernel and not the network card.

On 03/07/2007, at 1:41 PM, Dave Cabot wrote:


How do I do that exactly?  I thought ARP was self-discovery.

Dave

-----Original Message-----
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Monday, July 02, 2007 8:13 PM
To: [email protected]
Subject: RE: [pfSense Support] Multiple IPs

You will need to set arp up because your firewall needs to say "hey
I'm here... send these packets to me"
After you do that you may need to power cycle your router to clear
it's arp cache.
It works great... use it on all my sites.
-Tim

-----Original Message-----
From: jai lamerton [mailto:[EMAIL PROTECTED]
Sent: Monday, July 02, 2007 5:22 PM
To: [email protected]
Subject: Re: [pfSense Support] Multiple IPs

I was unsuccessful in achieving this type of setup, which is strange
as it seems it should be very possible.
According to that link I don't need to add the IP addresses as proxy
ARP, It should just work with 1:1 NAT. I might have another go with
just the NAT.

I would be interested to know how you went.

Cheers.

On 03/07/2007, at 2:29 AM, sai wrote:


On 7/2/07, Dave Cabot <[EMAIL PROTECTED]> wrote:

How does pfS handle multiple IPs on the WAN interface?  Would it
just be filter rules or the port fowarding?

My ISPs gateway will be x.x.x.145.  I've got x.x.x.146-x.x.x.150
(netmask
255.255.255.248)  I'll set the WAN port to x.x.x.150, but I need it
to receive the packets for all 5 IPs.  I need to be able to forward
based off of IP and port to whatever server inside the LAN. Is this 


doable?




Its doable. See http://doc.m0n0.ch/handbook/examples.html#id2603650

pfSense is based on m0n0 and this should help you get started.
-------------------------------------------------------------------- - 
To unsubscribe, e-mail: [EMAIL PROTECTED] For
additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional 


commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional 


commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional 


commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





NTech Media
Media to the Nth Degree

PO Box 1183, Lismore, NSW 2480 Australia
Web:  http://www.ntechmedia.com
ph (w):  (02) 66 22 27 25
ph (m):  (+61 ) 4 04 466 589
Fax: (02) 66 22 27 16
PGPkey: http://www.sky.net.au/pgp/jai_public.gpgkey



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to