virtual IP address (VIP)


Use cases for VIPs:

  • NAT
  • clustering
  • binding services such as DNS
  • load balancing

pfSense supports four types of VIP in total:

  • CARP (V1)
  • Proxy ARP (V1)
  • Other (V1)
  • IP Alias (V2)

CARP

Disadvantages:
    * Must be in the same subnet as the firewall's WAN IP
Advantages:
    * Clustering (master firewall and standby failover firewall)

Proxy ARP

Disadvantages:
    * Does not respond to ICMP
    * Cannot be used for binding (pfSense itself cannot use that IP)
Advantages:
    * Can be in a different subnet than the real interface IP

IP Alias

* Only available in pfSense version 2

* A good alternative to CARP!


IP Alias: mount an IP from another subnet

 

Set up the first subnet normally on the WAN interface. For the second subnet, manually add a gateway on the WAN interface under System > Routing > Gateways. Then you can simply add virtual IP addresses of type "IP Alias" from the second subnet on the WAN interface.

After that, create Manual Outbound NAT rules (Firewall > NAT > Outbound) for that virtual IP address if you want to NAT clients behind that address. You can also do 1:1 NAT against the virtual IP addresses.

You'll need to create/modify firewall rules to use the second gateway wherever necessary.

 
