CARP / Dynamic IP Addresses

pfSense users,

I have configured my residential ISP’s modem to run in bridge mode, where NAT and any other firewall or other services are entirely disabled in the modem. However, succeeding my doing this I realized that if I plugged three computers into the back of the modem (in bridge mode), each laptop or server got a public facing IP address! I tried 3 at once, but did not try for more.

That said, despite these IP addresses being ostensibly dynamic, I do seem to be able to get a few of them. Being as this is the case (they are not sequential in assignment) can I use this capability to set up CARP?

It is worthy of note that when I plugged in a Linux box I had, I was able to SSH into it from the public internet (in the same manner I SSH into my pfSense box with a different public facing IP address my ISP assigns to it when it DHCPs its WAN address from the DSL modem in bridge mode).

If my modem were offline for more than 24 hours or there was a regional network outage I am sure my IP addresses would change. Although, my IP address is used with DDNS so I can obtain it remotely and log back in remotely.

Incidentally, my DSL modem is on its own VLAN with the WAN port of my pfSense box. So there is no reason to think that I could not have more pfSense boxes on the same VLAN that would get a public IP address via that VLAN from the DSL modem. No other hardware is connected or using that VLAN except pfSense (I have another VLAN for local LAN traffic). The pfSense box I built originally is using VLANs as it has only one ethernet port on it currently (thus it routes between VLANs), though I have a second port to add once I test it.

Any ideas on if this is usable to set up CARP?

Thanks!

Stuart

Don’t think it would work for CARP, you need static IP.

Tom,

Okay, no problem. My network is a home lab network, so it is not such a critical concern. Moreover, I have only one ISP connection, so that in and of itself is a single point of failure.

If my pfSense box reboots currently, then when it comes back up (once it updates DDNS upon receiving a new dynamic IP) I am able to get back into it remotely if I am away from my home.

With my eventual intent for pfSense to run under ProxMox on a ProxMox cluster I can also assure if the server it is running on goes down it can come back up on a different cluster member at least. Granted, that would be with a different IP and having to wait for a new DDNS update to occur, but that is what happens if I reboot pfSense right now.

Stuart

Tom,

One other question, what if I had 3 static IP addresses that were routed via a GRE tunnel? Would that work?

Stuart

Not sure, not something I have tested.

Tom,

It might not be the manner by which pfSense has implemented it, but I can imagine there must be mechanisms that would allow this to work absent the need for 3 public IP addresses. Either floating the MAC address or something else. I am not saying that the current software amalgam for pfSense has that capability now, just that theoretically it ought to be possible.

Stuart