[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pfsense-discussion
Subject:    Re: [pfSense] VIP,MAC & Arp
From:       Nick Upson <nu () telensa ! com>
Date:       2014-09-19 6:11:27
Message-ID: CAB8ifrbejPo-QUUg0Vw2FzoHVyfLpSX=9JYF7ffXoKzCapn4Gw () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


HI Chris

I setup a proxy arp for the entire range, first thing I tried, but no dice.
I'll try it again

yes, AAISP, their support is good but the people I've been talking to don't
know pfsense so I thought I try it from that end, hence the post here​

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 18 September 2014 21:19, Chris Bagnall <pfsense@lists.minotaur.cc> wrote:

> On 18/9/14 8:13 pm, Nick Upson wrote:
>
>> We have a new /27 range to go with this new installation and here is the
>> problem, external ping/connectivity to the new IPs doesn't work except one
>> the .225 address, it seems the firebrick requires ARP in order to route
>> them. I have setup several different Virtual IPs (tried different types,
>> individually and as a range) and they don't work, the firebrick ARP table
>> only contains the .255 with a MAC address, the rest don't have one and so
>> are not used (I'm told).
>>
>
> In my experience (and one of our clients had a similar setup a couple of
> years back before they got FTTC), you want a Proxy ARP entry on your
> pfSense VIP page for the whole IP range, so assuming the subnet you've been
> given is a.b.c.224/27, just create a corresponding VIP rule.
>
> Here's one of mine for a much smaller range:
> a.b.c.176/29    ADSL2   proxy arp
>
> (note the choice of interface - make sure you choose the interface to
> which you've connected the Firebrick)
>
> As an idle curiosity - is this an AAISP connection you're using? If so,
> their IRC channel is usually populated with some pretty clueful folks, some
> of whom run pfSense, so it might also be worth asking on there.
>
> Kind regards,
>
> Chris
> --
> This email is made from 100% recycled electrons
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>

[Attachment #5 (text/html)]

<div dir="ltr"><div class="gmail_default" \
style="font-family:arial,helvetica,sans-serif">HI Chris</div><div \
class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div \
class="gmail_default" style="font-family:arial,helvetica,sans-serif">I setup a proxy \
arp for the entire range, first thing I tried, but no dice. I&#39;ll try it \
again</div><div class="gmail_default" \
style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" \
style="font-family:arial,helvetica,sans-serif">yes, AAISP, their support is good but \
the people I&#39;ve been talking to don&#39;t know pfsense so I thought I try it from \
that end, hence the post here​</div></div><div class="gmail_extra"><br \
clear="all"><div><div dir="ltr"><div>Nick Upson, Telensa Ltd, Senior Operations \
Network Engineer<br></div><div>direct +44 (0) 1799 533252, support hotline +44 (0) \
1799 399200</div></div></div> <br><div class="gmail_quote">On 18 September 2014 \
21:19, Chris Bagnall <span dir="ltr">&lt;<a href="mailto:pfsense@lists.minotaur.cc" \
target="_blank">pfsense@lists.minotaur.cc</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><span>On 18/9/14 8:13 pm, Nick Upson wrote:<br> <blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
 We have a new /27 range to go with this new installation and here is the<br>
problem, external ping/connectivity to the new IPs doesn&#39;t work except one<br>
the .225 address, it seems the firebrick requires ARP in order to route<br>
them. I have setup several different Virtual IPs (tried different types,<br>
individually and as a range) and they don&#39;t work, the firebrick ARP table<br>
only contains the .255 with a MAC address, the rest don&#39;t have one and so<br>
are not used (I&#39;m told).<br>
</blockquote>
<br></span>
In my experience (and one of our clients had a similar setup a couple of years back \
before they got FTTC), you want a Proxy ARP entry on your pfSense VIP page for the \
whole IP range, so assuming the subnet you&#39;ve been given is a.b.c.224/27, just \
create a corresponding VIP rule.<br> <br>
Here&#39;s one of mine for a much smaller range:<br>
a.b.c.176/29      ADSL2     proxy arp<br>
<br>
(note the choice of interface - make sure you choose the interface to which \
you&#39;ve connected the Firebrick)<br> <br>
As an idle curiosity - is this an AAISP connection you&#39;re using? If so, their IRC \
channel is usually populated with some pretty clueful folks, some of whom run \
pfSense, so it might also be worth asking on there.<br> <br>
Kind regards,<br>
<br>
Chris<span class="HOEnZb"><font color="#888888"><br>
-- <br>
This email is made from 100% recycled electrons<br>
______________________________<u></u>_________________<br>
List mailing list<br>
<a href="mailto:List@lists.pfsense.org" \
target="_blank">List@lists.pfsense.org</a><br> <a \
href="https://lists.pfsense.org/mailman/listinfo/list" \
target="_blank">https://lists.pfsense.org/<u></u>mailman/listinfo/list</a><br> \
</font></span></blockquote></div><br></div>



_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic