Hi,
I have a fixed public IP I receive from my ISP over DHCP. They have me 'linked' to a given MAC that I set as
hardware address and I receive w/o any problem my single fixed-IP address.
I asked them for a small subnet (/29) for 5 extra public IP's. I added these 5 additional IP's as aliases to the same DHCP - WAN interface. I tried both 'IP Alias' (as per the doc of OPNsense) and also CARP with a single node.
When I use 'IP Alias' everything works fine and with good performance for appox. 5 minutes, then it's like the IP address becomes 'unknown' and it stops working. When I open a shell on the box and type a ifconfig -a the aliases are still visible.
When I use CARP as virtual IP protocol the connection remains accessible, but with very bad performance and a lot of packet loss.
Any suggestions ?
Quote from: wmeter on July 24, 2020, 03:26:52 PM
When I use 'IP Alias' everything works fine and with good performance for appox. 5 minutes, then it's like the IP address becomes 'unknown' and it stops working. When I open a shell on the box and type a ifconfig -a the aliases are still visible.
Can you give an example how you see that it becomes unknown? IP Alias should be the way to go.
Keep in mind you only need to add IP Alias if you want to bind local services to IP. If it's just port forwarding you can enter the IP in the rule and you are good.
Ah, so I actually don't need the VIP if I just want an inbound NAT to e.g. propose a web-server or mail-server and just citing 'an IP' will do in the rule as long as ISP-wise I have that IP / subnet ?
Correct
Worked a dream, many thanks for your help !
Issue with the only shortly working alias IP's was that I migrated from a virtual machine to a physical device and as always the problem was between the keyboard and the screen, using the same IP on two devices on the same VLAN is never a good idea if it's not governed by CARP or something else ;-)
Thx !