pfSense Proxy ARP Feature configuration

Is there a way to use overlapping IP address ranges on different physical interfaces in pfSense? For example, LAN1 - 10.10.10.1/24, LAN2 - 10.10.10.50/29, and when pfSense receives an ARP request for the 10.10.10.50/29 network on LAN1, it responds with LAN1's physical MAC address. If there is any other way to achieve this, I am open to that too.

PC (10.10.10.50/29)-->LAN2(10.10.10.51/29) LAN1(10.10.10.1/24)-->PC2 (10.10.10.254/24)

I am not aware of any way for pfSense to allow overlapping network ranges, as it would break routing. What are you trying to achieve?

Do you have a video that explains Proxy ARP VIPs on pfSense?

I have attached a rough diagram of what I am trying to achieve. Hopefully this will make sense. This setup works today on MikroTik, as it supports proxy ARP and allows configuration of overlapping subnets on different physical ports. However, I want to replicate this with pfSense as the OVPN capabilities are better.
So I have a device that doesn’t support VLANs (A) that sends two different types of traffic that need to end up at two separate locations. To overcome this limitation we put in a MikroTik router (no firewall/NAT) which splits the traffic for us. When A sends traffic for B, the Mtik sends it out to B and also responds to ARP messages for A for return traffic. When A sends traffic that needs to go to the internet, the Mtik just routes it out based on the basic routing table. The reason we are doing it this way is:

  1. A needs to be part of the larger B subnet (we cannot add routes on B)
  2. We cannot NAT on the router as A sends IP address information in the application data which will not be touched by the NAT.
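
Added example, not part of the original posts: a Python sketch, using the interface addresses quoted in the thread, of why the router has to answer ARP on LAN1 for the /29 that sits behind LAN2. The function names are hypothetical and the model only covers connected routes and on-link decisions.

```python
import ipaddress

# Interface addressing as quoted in the thread (LAN2 faces device A, LAN1 faces B).
INTERFACES = {
    "LAN1": ipaddress.ip_interface("10.10.10.1/24"),
    "LAN2": ipaddress.ip_interface("10.10.10.51/29"),
}


def egress_interface(dst):
    """Longest-prefix match over connected networks: the most specific wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(iface.network.prefixlen, name)
               for name, iface in INTERFACES.items() if dst in iface.network]
    return max(matches)[1] if matches else None


def is_on_link(host_cidr, dst):
    """True if a host configured as host_cidr will ARP for dst directly
    instead of sending the packet to its gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_cidr).network


def proxy_arp_targets(outer="LAN1", inner="LAN2"):
    """Addresses the router must answer ARP for on `outer` so that hosts
    there, which believe the inner range is on-link, can reach `inner`.
    The router's own interface addresses are left out of the list."""
    o, i = INTERFACES[outer], INTERFACES[inner]
    if not i.network.subnet_of(o.network):
        return []  # no overlap, ordinary routing is enough
    return [h for h in i.network.hosts() if h not in (o.ip, i.ip)]


if __name__ == "__main__":
    # PC2 (10.10.10.254/24) treats 10.10.10.50 as a neighbour and ARPs for it.
    print("PC2 ARPs directly for A:", is_on_link("10.10.10.254/24", "10.10.10.50"))
    # A (10.10.10.50/29) sees 10.10.10.254 as off-link and uses its gateway.
    print("A ARPs directly for PC2:", is_on_link("10.10.10.50/29", "10.10.10.254"))
    print("Router sends traffic for A out of:", egress_interface("10.10.10.50"))
    print("Proxy ARP needed on LAN1 for:", [str(a) for a in proxy_arp_targets()])
```
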

Proxy ARP VIP is supported in pfSense, but I have not done a video on it nor have I had to set any of them up.
https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html

This is a very hacky, atypical implementation.

Maybe a solution is to set up a bridge with the interfaces that connect to “A” and “B”. If they form a bridge, they’ll behave like an L2 switch, open to ARPs. I haven’t had the need to set one up in my work. I tried it on my home pfSense just to see how it works, but it was a completely artificial scenario.

I have used Proxy ARP VIPs when an ISP gives you several blocks of public IPs over the same interface and you need those VIPs to do NAT 1:1. I haven’t had another use for them.
In fact the description from the pfSense Book is not very clear in my opinion, but it describes the use I had for Proxy ARP VIPs.

I think it’s better to somehow simplify your network. I know you said there are restrictions.

Thanks for your response. I agree it's hacky, and I have tried coming up with multiple solutions, but the only one that works is the one with MikroTik. You are right, the Mtik also allows a bridged configuration. I will try and replicate that with pfSense.

So I finally have this working on pfSense using a bridged configuration. Thanks for the response.

You’re welcome!

Did you see that your post made it to yesterday’s streaming video?

1 Like