While we're on the topic, I have a functioning v2.2 setup that uses a /29 set of static IPs: - 1 IP is the gateway address and 5 IPs are "usable" (quite common, I believe) - one of the "usable" IPs is assigned to the WAN interface - the other 4 "usable" IPs are assigned to VIPs - the WAN IP and VIPs have various port-forward and NAT rules associated with them - the WAN IP and 2 of the VIPs serve 3 different domains (e.g., web, email, VPN -- servers are behind the firewall on isolated LAN) - one of the other VIPs is used by mobile VPNs (IPsec and OpenVPN)
All this works nicely ... as long as the VIPs are CARP VIPs. However, since I'm not using any fail-over/redundancy, I don't think I should require CARP VIPs (and I suspect that using CARP VIPs is the reason that, when the cable modem goes down, I can't get at the pfSense webconfigurator until I unplug the WAN cable ... it's OK after I plug it back in, even if the cable modem is still down, but it does need to be unplugged???). My interpretation of the nice chart and notes on https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses leads me to believe that I can switch the CARP VIPs to be IP Alias VIPs. However, when I do that, the 2 servers for the 2 domains tied to the VIPs are no longer accessible from the Internet (but IIRC, the mobile VPNs still work). Can anyone suggest what it is that I don't understand (well, limited to this behavior, at least)? _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold