How to Create an Interface on an IP Alias?

[vivekmauli14]

Hi,

I've created an IP alias on my system, and now I'm trying to figure out how to create a new interface that uses this alias. The alias is already active and bound to the original interface, but I need to treat it as a separate interface (for routing or firewall purposes, for example).

Thanks in advance!

Best,
VivekSP

[Patrick M. Hausen]

Not possible. An alias is another layer 3 address on an existing interface, not the other way round.

[vivekmauli14]

Hi Patrick,

Thanks for the clarification — I understand that from a traditional BSD networking model However, I've heard certain vendors (like Fortinet and Juniper) allow you to treat secondary IPs almost as if they were separate interfaces — using them in different routing instances, policies, or even NAT/firewall contexts. They often abstract this at the OS or control plane level to allow for that kind of flexibility.

Out of curiosity, does OPNsense offer any feature that might allow similar behavior? For example:

Creating a virtual interface or group that binds to a specific IP alias

Using aliases in policy-based routing or as part of a ruleset that treats them as more than just an additional address

Assigning a loopback or dummy interface with an alias and routing through that

Or is the OPNsense implementation (being FreeBSD-based) bound strictly to the traditional interface model with no way to "promote" an alias to interface-like behavior?

Appreciate any insights from others who've tried something similar or worked around this in creative ways.

Best regards,
VivekSP

[Patrick M. Hausen]

does OPNsense offer any feature that might allow similar behavior?

No.

Or is the OPNsense implementation (being FreeBSD-based) bound strictly to the traditional interface model with no way to "promote" an alias to interface-like behavior?

Yes.

It treats interfaces exactly like FreeBSD does. You can create additional loopback interfaces and assign addresses to them if this helps your use case.

[vivekmauli14]

Hi,

Thank you so much. Can you detail a bit more on how do you suggest this to be configured, first create IP Alias then Add the Alias IP on the loopback Address and then NAT or without NAT also this will Work ?
Looking forward to hear from you.

Thanks!

[Patrick M. Hausen]

Create a loopback interface, e.g. lo1, then assign IP address. Interfaces > Devices > Loopback.

No idea what you would do with that, though. I just said this is the only way to get a dedicated interface for an IP address. The rest is up to you.

[vivekmauli14]

Actually my requirement is, I have to configure a public IP 112.xxx.xxx.37 and 192.168.xx.xx in a same interface with a NAT policy

[meyergru]

That is another question than you asked first. On the same interface, you can just configure your (probably WAN) address 112.xxx and then a VIP of 192.168.xx.xx. BTW: If your aim is to access your bridge modem on the WAN interface, there is a guide for that.

[Patrick M. Hausen]

Actually my requirement is, I have to configure a public IP 112.xxx.xxx.37 and 192.168.xx.xx in a same interface with a NAT policy

You do not need a dedicated interface for that, just a virtual IP address and manual NAT rules. @meyergru linked to the guide already.