I’m a student and currently learning pfSense. I found the LTS videos very useful and that’s how I found out about the forum. For my project work I’m trying to create a pfSense high availability configuration and I could use some help.
My main problem: I only get a single public IP address from my ISP. So now I am trying to cobble together a workaround…
I’m already running two functioning firewalls.
The master firewall runs virtualized with UNRAID and has an Intel i350-t4 NIC.
The backup firewall is a bare metal installation on a Fujitsu S920, also with an Intel i350-t4 NIC.
From my ISP I have a VDSL modem to which the master firewall dials in via PPPoE and gets a public IP address. But I can’t dial in simultaneously with my backup firewall to get a second public IP address. Either my modem or my ISP doesn’t support this.
And that’s where the botch starts that I’m trying to get to work… My modem is connected to a dumb switch. The WAN interfaces of both firewalls are connected to this dumb switch. The master firewall dials in via PPPoE and gets a public IP address.
On the backup firewall I configured the WAN interface as DHCP. At the same time, I am spoofing the MAC address of the master WAN interface on the backup WAN interface. Additionally, on the backup WAN interface under “Protocol Timing”, I set “timeout” to 1 second and “retry” to 1 second. That way, I hoped to achieve that the backup WAN interface will always keep asking if it can get a DHCP address.
If my master WAN interface now dials in via PPPoE, my hope was that the dumb switch transmits the same public IP address to both WAN interfaces due to the spoofed MAC address.
Unfortunately, it isn’t working so I would like to ask if you can help me to get my botch working. Or if there is a completely different workaround to implement High Availability with only one public IP address.
Thanks in advance!