My bad. The IP can be in the same subnet as well as in a different subnet. As far as a true alias goes it is not implemented afaik. Try ifconfig in a shell and see if your aliases are listed as ips on the interface. If they where they would respond to ping and have a derived mac from the main interface and the firewall itself would be able to use them.
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses Just try the ifconfig command and you will see what I mean. Forget what the GUI says. Brgds, Espen 9. mars 2015 12:13 skrev "Brian Candler" <b.cand...@pobox.com>: > I guess it's time for me to dig out the actual configurations to settle > this. > > * the box with a proxy ARP VIP is running pfSense-2.0.1. (OK, it's > probably due an upgrade, but when things just work they tend to be left > alone :-) > > The WAN address is x.x.x.x/6.28, and the proxy ARP virtual IP is > x.x.x.7/32 (i.e. it *is* in the same subnet) > > * the box with an IP alias VIP is pfSense-2.1. (Also due an upgrade :-) > > It is actually part of a failover pair. The WAN addresses are > y.y.y.{229,230}/28 and the WAN-CARP interface is y.y.y.228/28. > The IP Alias interface is y.y.y.238/28 and attached to the WAN-CARP > interface. I think I did it this way so that the alias moved with the CARP > master. > > In both cases the alias is being used for NAT, and it's working fine, i.e. > happily responding to ARP from upstream router. > > The thing to note about the configuration is that the Proxy ARP VIP has a > /32 netmask (so it only responds to one address) and the IP Alias VIP has a > /28 netmask (to match the subnet it is aliased on) > > Regards, > > Brian. > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold >
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
