On Thu, May 27, 2010 at 2:56 PM, Yehuda Katz <[email protected]> wrote: > On Thu, May 27, 2010 at 1:41 PM, Evgeny Yurchenko <[email protected]> > wrote: >> Yehuda Katz wrote: >>> On Thu, May 27, 2010 at 1:02 PM, Chris Buechler <[email protected]> >>> wrote: >>>> On Thu, May 27, 2010 at 10:30 AM, Yehuda Katz <[email protected]> wrote: >>>>> We had Verizon DSL for our primary WAN connection. >>>>> Our primary IP (the WAN interface IP) was 71.248.x.114 >>>>> We had this entry in the Virtual IP list: >>>>> Type: Proxy ARP >>>>> Interface: WAN >>>>> IP Address: Network 71.248.x.112/28 >>>>> >>>>> To get that to work, we had to set the WAN interface IP to each of the >>>>> virtual IPs (ending with 114), after which we had no trouble. >>>>> >>>>> >>>>> Yesterday we switched to Verizon FiOS which meant that we got new IPs. >>>>> I switched the WAN interface IP to the new address 71.179.x.83 >>>>> and I switched the entry in Virtual IPs to >>>>> Type: Proxy ARP >>>>> Interface: WAN >>>>> IP Address: Network 71.179.x.80/28 >>>>> >>>>> We went through the same procedure, setting the WAN to each IP. >>>>> Some time during the night, each of the IPs stopped working. >>>>> This morning, we set the WAN interface to each of the IPs and they are >>>>> working now, but we have no way of knowing what will happen tonight. >>>>> >>>>> Any ideas? >>>>> >>>>> >>>> >>>> Use CARP VIPs instead. >>>> >>>> >>> >>> Maybe someone could point me to a walk-through for that. >>> The CARP page looks so much more complicated and I have never used it >>> before. >>> >> >> http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm >> is very good tutorial >> > Thanks for the tutorial, but that does not do what I am trying to do. > According to the text on the Virtual IP page, Proxy ARP can work for > an entire CIDR block while CARP does not. > Does that mean I need to create an individual rule for each IP?
Yes. Though that tutorial goes into a lot of things you don't need to bother with unless you're actually bringing up a secondary firewall as well. You just need to add the VIPs individually as CARP IPs, and you can put anything you want into any of the fields there (leave them at defaults, except choose a unique VHID for each and put in a random password). --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
