Netgate SG-1000 microFirewall

Author Topic: How common are IP Aliases on WAN interfaces?  (Read 759 times)

0 Members and 1 Guest are viewing this topic.

Offline coreybrett

  • Jr. Member
  • **
  • Posts: 52
  • Karma: +0/-0
    • View Profile
How common are IP Aliases on WAN interfaces?
« on: January 27, 2014, 10:07:34 am »
How common are IP Aliases on WAN interfaces?

I am having a problem with my RCN internet connection.
I have a /28 network block with my connection.
On the WAN interface I have 146.x.x.2 assigned and I also have 146.x.x.3, 146.x.x.4, 146.x.x.5 and 146.x.x.6 configured as aliases.
The reason for multiple IPs is exposing several SSL websites on my internal network via port forwarding.
Problem is, only the dot 2 address is accessible from the Internet. I know that dot 3 dot 6 is working on the WAN side of pfSense by testing with a laptop, but from the Internet they are unreachable.

I have been trying to explain to RCN tech support that I have 2 6 all assigned to the same interface on the same device, but they seem to think I am crazy for doing so.

Am I?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21300
  • Karma: +1418/-26
    • View Profile
Re: How common are IP Aliases on WAN interfaces?
« Reply #1 on: January 31, 2014, 09:41:08 am »
IP Aliases are very common on WANs in that style of deployment on a single unit (clusters would use CARP VIPs). If you are using them purely for NAT, then either IP Alias or Proxy ARP would be the type used normally in that situation.

There are some upstream modems/sources that want each IP to have a unique MAC address, which would happen with CARP but not IP Alias. So you might try seeing if using a CARP VIP will work. Such requirements are infrequent, but it's worth trying.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline coreybrett

  • Jr. Member
  • **
  • Posts: 52
  • Karma: +0/-0
    • View Profile
Re: How common are IP Aliases on WAN interfaces?
« Reply #2 on: October 27, 2017, 11:06:52 am »
Thanks for the info. Sorry for the REALLY late reply.

I ended up dumping RCN because their support was horrible and went back to Comcast which worked fine with IP Alias config.

If I ever run into this again and want to use the CARP option, would I need to fill in the Virtual IP Password, VHID Group or Advertising frequency when using a single firewall?

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14276
  • Karma: +1329/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: How common are IP Aliases on WAN interfaces?
« Reply #3 on: October 30, 2017, 07:44:04 am »
Talk about late? ;)  This thread was from 2014... Almost 4 years late... wow.. hehehe
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21300
  • Karma: +1418/-26
    • View Profile
Re: How common are IP Aliases on WAN interfaces?
« Reply #4 on: October 31, 2017, 09:03:52 am »
If I ever run into this again and want to use the CARP option, would I need to fill in the Virtual IP Password, VHID Group or Advertising frequency when using a single firewall?

Yes, you still need to fill that in even if it's a single unit since they are all required parameters to configure CARP.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!