Messages - jwtoler

#1
Development and Code Review / Re: UniFi Controller
September 27, 2017, 09:50:32 PM
Can this be used with OPNsense as-is?
#2
Quote from: franco on September 27, 2017, 09:38:16 PM
10.0.1.5/32 does not work?


Cheers,
Franco

And this is where I feel stupid... yes, it caused it to stay the way it should be. The whole subnet thing still confused me a little. Can you maybe explain why /32 works?

The public IPs have a /29 subnet and so do the virtual IPs... the LAN has /24... why does /32 work with the outbound rules?
#3
17.7 Legacy Series / NAT Outbound Issue
September 27, 2017, 09:32:14 PM
I have 5 public static IPs assigned to me from my ISP. The modem they provide requires each IP to have a unique MAC address, so I created the appropriate Virtual IPs using CARP. My end goal is to have it set up the way it was when I was running pfSense (I wanted to switch and give this a go). With pfSense, I had my LAN (10.0.1.0/24), which had 3 web servers running in the LAN NET. All 3 servers need to have ports 80/443 open, so I assigned the CARP IPs to just one IP address/server in the LAN NET and everything was working after applying the appropriate rules, etc. So I was trying to replicate my setup with OPNsense, and below is a rundown of what I have going on currently:

Server #1 would have a public IP of X.X.X.21 (CARP) and a private IP of 10.0.1.5
Server #2 would have a public IP of X.X.X.22 (CARP) and a private IP of 10.0.1.6
Server #3 would have a public IP of X.X.X.23 (CARP) and a private IP of 10.0.1.7
Everything else on the LAN would have a public IP of X.X.X.20 and a private IP range of 10.0.1.50-10.0.100

With OPNsense... when I try to go create the Firewall:NAT:Outbound rule to allow the servers to work correctly, I am unable to set the source as a single host. I enter 10.0.1.5/24 and when I hit save it ends up changing the source to be 10.0.1.0/24, which of course makes my whole LAN have the same public IP X.X.X.21 instead of the server having X.X.X.21 and everything else having X.X.X.20.
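The prefix behaviour described in the post above, as an added example that is not part of the original posts or of OPNsense's code: a /24 source is stored as the network 10.0.1.0/24, while a /32 source covers exactly one host. The rule lists are constructed from the post's addresses, the function names are hypothetical, and first-match evaluation of outbound NAT rules is an assumption of this sketch.

```python
import ipaddress

def normalize(source):
    """Return the network that an address/prefix source entry denotes."""
    # strict=False masks off the host bits, which is what turned
    # 10.0.1.5/24 into 10.0.1.0/24 when the rule was saved.
    return ipaddress.ip_network(source, strict=False)

def translate(rules, host):
    """Return the translation address of the first rule matching host."""
    addr = ipaddress.ip_address(host)
    for source, nat_ip in rules:  # assumption: first match wins
        if addr in normalize(source):
            return nat_ip
    return None

# Constructed rule sets. X.X.X.n are the post's redacted public IPs,
# kept as opaque labels and never parsed.
BROKEN = [
    ("10.0.1.5/24", "X.X.X.21"),  # meant for one server, matches the LAN
    ("10.0.1.0/24", "X.X.X.20"),  # never reached
]
FIXED = [
    ("10.0.1.5/32", "X.X.X.21"),  # /32 = exactly one host
    ("10.0.1.6/32", "X.X.X.22"),
    ("10.0.1.7/32", "X.X.X.23"),
    ("10.0.1.0/24", "X.X.X.20"),  # catch-all for the rest of the LAN
]

def report(rules, hosts=("10.0.1.5", "10.0.1.6", "10.0.1.7", "10.0.1.50")):
    """Map each sample LAN host to the public address it leaves with."""
    return {h: translate(rules, h) for h in hosts}

if __name__ == "__main__":
    print(normalize("10.0.1.5/24"), normalize("10.0.1.5/32"))
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, report(rules))
```

With per-host /32 rules placed ahead of the /24 rule, each server keeps its own public address and the remaining LAN hosts fall through to the general rule.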