Feature #1113
closed
WAN Interfaces with the same Gateway
Added by Falk Nisius almost 14 years ago.
Updated almost 14 years ago.
Description
If someone has two cable modems from the same provider and gets different IP addresses via DHCP, but the same gateway, then the static routing goes wrong.
The typical solution is to NAT one of the lines with a small router. I think it would be an idea to build this small router directly on the pfSense box in a BSD jail that performs only the NAT, so that we don't have two static routes in the system routing table. I would build this, but my BSD knowledge is nearly zero. Perhaps it can be a package.
Falk
- Status changed from New to Rejected
Duplicate of #228. Please look at the open features before opening one.
Excuse me, but my proposal is not a duplicate of the problem, which is part of the system; it is a way to a solution, and that can be a feature.
The BSD jail gets control over one of the WAN ports, creates a TUN interface, and does NAT between them. The TUN interface becomes the official gateway. Logging and configuration can be performed on the same box and can be included in the pfSense interface, not on a small external router.
Falk
That's not a viable solution, for the same reasons it doesn't work without having a jail, and it's extremely ugly. It'll require a kernel-based solution without jails.
Layer 2 is the issue, not layer 3.
Excuse my investigation, it's only for my understanding. If I wish to send an IP packet from my box to an IP address, I make a routing decision on layer 3 with the help of my routing table and perhaps with a pf rule to choose the right interface. Regardless of the decision, the kernel knows on which interface the packet has to be sent. After that, some code has to find the corresponding layer 2 address for the target IP, in our case a MAC address for the Ethernet port. If each interface managed this on its own, then I couldn't see any problem. If this is centralized without a binding to an interface, then I understand the problem, and I think disabling ARP caching is not a solution.
Falk
There's one ARP table for the entire system regardless of how many NICs or jails or routing tables you have, and that association goes to one NIC only (which can arbitrarily change even, where multiple NICs have the same IP subnet on them), that's the main chunk of the issue. It's impossible to do on a single FreeBSD system at this point with any solution.
OK, but couldn't an ARP proxy be the solution to the problem?
Falk