Netgate Discussion Forum

    Multiple static IP on different gateway

      bingo600 @firewalled_lotusdew

      @firewalled_lotusdew
      What subnet mask(s) did they give you, for those 3 ip's ?

      Hmmmm .... Something is "fishy" w. those ip's

      whois 123.176.59.217
      % [whois.apnic.net]
      % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
      
      % Information related to '123.176.56.0 - 123.176.59.255'
      
      % Abuse contact for '123.176.56.0 - 123.176.59.255' is 'datacomteam@mirtelecom-bd.com'
      
      inetnum:        123.176.56.0 - 123.176.59.255
      netname:        MIRTELECOM
      descr:          Mir Telecom
      descr:          Level-7, Red Crescent Borak Tower
      descr:          71-72, Old Elephant Road, Eskaton Garden
      country:        BD
      
      whois 123.176.60.77
      % [whois.apnic.net]
      % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
      
      % Information related to '123.176.60.0 - 123.176.63.255'
      
      % Abuse contact for '123.176.60.0 - 123.176.63.255' is 'ipas@cnnic.cn'
      
      inetnum:        123.176.60.0 - 123.176.63.255
      netname:        CSLC-NET
      descr:          China Sports Lottery Technology Development Co., Ltd
      descr:          Yijing Building, No.23 Dong San Huan Nan Lu,Chaoyang District
      descr:          Beijing,China,100021
      country:        CN
      
      whois 123.176.62.177
      % [whois.apnic.net]
      % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
      
      % Information related to '123.176.60.0 - 123.176.63.255'
      
      % Abuse contact for '123.176.60.0 - 123.176.63.255' is 'ipas@cnnic.cn'
      
      inetnum:        123.176.60.0 - 123.176.63.255
      netname:        CSLC-NET
      descr:          China Sports Lottery Technology Development Co., Ltd
      descr:          Yijing Building, No.23 Dong San Huan Nan Lu,Chaoyang District
      descr:          Beijing,China,100021
      country:        CN
      

      They are assigned to different "entities"

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

        firewalled_lotusdew

        Ah - I didn't give the exact IP - switched out a few numbers - funny that it goes to China. But I thought it would still give enough information in terms of specifics.

        As of now I am trying to understand how I can route WAN interface to different IPs with their own individual gateway.

          viragomann @firewalled_lotusdew

          @firewalled_lotusdew
          Did you simply try out yet if the other two gateways are really needed?

            bingo600 @firewalled_lotusdew

            @firewalled_lotusdew
            Please supply the subnet mask(s) you got for the ip's

              firewalled_lotusdew @bingo600

              @bingo600 The mask is 255.255.252.0

              You mean expect 123.176.60.77 to be routed via 123.176.59.1 ?

                bingo600 @firewalled_lotusdew

                @firewalled_lotusdew

                The 255.255.252.0 mask "covers 1024 ip addresses" aka. 4 Class-C networks.

                Could you please supply the first REAL 3 octets of your ip addresses ? - A.B.C.?? , the ?? part is irrelevant , if you don't want to supply.

                Well actually it's just the C part that's interesting , if you got a 255.255.252.0 mask (a /22).

                Chances are that you can use a 255.255.252.0 mask on your WAN , and "cover all" ip's assigned with the same def-gw.

                /Bingo

                  Patch @bingo600

                  From a network configuration advice surely only the least significant digits are relevant. The ones which are consistent between all of his IP addresses do not need to be publicly disclosed.

                  That and the network mask which may cover all public IP given.

                  Although I guess 123.176. is rubbish and perhaps the remainder is more accurate.

                    bingo600 @bingo600

                    @Patch
                    You mean like I wrote here 😊

                    @bingo600 said in Multiple static IP on different gateway:

                    Well actually it's just the C part that's interesting , if you got a 255.255.252.0 mask (a

                      viragomann @firewalled_lotusdew

                      @firewalled_lotusdew said in Multiple static IP on different gateway:

                      You mean expect 123.176.60.77 to be routed via 123.176.59.1 ?

                      pfSense routes any packets destined to an IP out of its own subnets to the default gateway.
                      The point is if the gateway accepts a source IP outside of its subnet. Only the ISP will know the answer, but you can easily check it out.
                      For forwarding packets for such IPs, you can ask your ISP to route them to your primary IP, if he doesn't do that anyway.

                      In the past, I had three different public subnets, all with their own network addresses, gateways and broadcast IPs on a single WAN interface. I configured only gateway of the first one on pfSense and all worked well out of the box.

                        Derelict LAYER 8 Netgate @Patch

                        @patch said in Multiple static IP on different gateway:

                        From a network configuration advice surely only the least significant digits are relevant. The ones which are consistent between all of his IP addresses do not need to be publicly disclosed.

                        That and the network mask which may cover all public IP given.

                        Although I guess 123.176. is rubbish and perhaps the remainder is more accurate.

                        With a /22 netmask the last 10 bits are significant, not the last octet.

                        They should provide XX.YY.Real-address.real-address

                        XX.YY should be used to indicate they are identical for both the addresses and the provided gateways.

                        And, of course, the provided subnet masks.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          stephenw10 Netgate Administrator

                          Mmm, depending on which bits were swapped those subnets may or may not be inside the same /22. Currently they are shown as not being which would mean they could not share the same gateway.

                            firewalled_lotusdew @stephenw10

                            @stephenw10 Yes I realize that these IPs don't fall within the same subnet I think based on the calculations below. So I am assuming they cannot be routed
                            fc692e3a-ee86-461f-9771-f27a1ef6cae6-image.png

                            As you can see the range is from 123.176.56.X to 123.176.59.254.

                            So the static IPs 123.176.60.X and 123.176.62.X won't be routable via the gateway 123.176.59.1 I believe. Please let me know if I am understanding correctly ?

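The subnet check discussed above, as an added example that is not part of any poster's reply: it applies the 255.255.252.0 mask to the gateway and the three addresses exactly as they were posted (the poster said some digits were altered), reports which addresses share the gateway's /22, and goes one step further by computing the smallest single network that would contain all of them. The function names are chosen for this example.

```python
import ipaddress

# Values as posted in the thread (the poster said some digits were altered).
MASK = "255.255.252.0"
GATEWAY = "123.176.59.1"
STATIC_IPS = ["123.176.59.217", "123.176.60.77", "123.176.62.177"]


def host_bits(mask):
    """Number of host bits left by a dotted-quad netmask."""
    net = ipaddress.ip_network(f"0.0.0.0/{mask}")
    return net.max_prefixlen - net.prefixlen


def on_link_report(gateway, mask, addresses):
    """Map each address to (its own network, True if on the gateway's network)."""
    gw_net = ipaddress.ip_interface(f"{gateway}/{mask}").network
    report = {}
    for addr in addresses:
        own_net = ipaddress.ip_interface(f"{addr}/{mask}").network
        report[addr] = (own_net, ipaddress.ip_address(addr) in gw_net)
    return gw_net, report


def smallest_common_network(addresses):
    """Widen from a /32 until one network contains every address."""
    net = ipaddress.ip_network(f"{addresses[0]}/32")
    while not all(ipaddress.ip_address(a) in net for a in addresses):
        net = net.supernet()
    return net


if __name__ == "__main__":
    gw_net, report = on_link_report(GATEWAY, MASK, STATIC_IPS)
    print(f"gateway {GATEWAY} is in {gw_net} ({host_bits(MASK)} host bits)")
    for addr, (own_net, shared) in report.items():
        verdict = "same subnet as gateway" if shared else "different subnet"
        print(f"{addr:>15}  {own_net}  {verdict}")
    print("smallest network covering all:",
          smallest_common_network([GATEWAY] + STATIC_IPS))
```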
                              stephenw10 Netgate Administrator

                              Yes, they cannot use the same gateway.

                              How is the DSL modem configured here? Is it really a modem only? I assume you are not using PPPoE here?
                              Is the 'modem' itself acting as the gateway?

                                firewalled_lotusdew @stephenw10

                                @stephenw10 The DSL modem has a fiber connection and it has 4 LAN ports. One of the LAN ports is configured into bridge mode which lands on the static IP configured on pfSense WAN.

                                It might be possible to portmap the remaining 3 LAN into bridge mode as well and land them on separate static IPs on any interface but that topology will mean I need multiple instances of pfSense I guess. I am trying to avoid that.

                                I don't know if a better idea would be to front the pfSense with a reverse proxy with different static IPs ... I am quite out of depth here.

                                  stephenw10 Netgate Administrator @firewalled_lotusdew

                                  @firewalled_lotusdew said in Multiple static IP on different gateway:

                                  The DSL modem has a fiber connection

                                  Like FTTC? If it's actually fiber to the modem that's not DSL.
                                  Do you have access to the modem? Can you see what IP(s) it is using? It may not be if it really is bridging.

                                  Steve

                                    firewalled_lotusdew @stephenw10

                                    @stephenw10 Yes FTTC - I have admin access to the modem. It's not using IP as it's bridging.

                                    PS: I am getting blocked from posting replies as it's too frequent. Request to adjust my privileges if possible.

                                      stephenw10 Netgate Administrator

                                      You have 5 rep now you should be able to post more frequently.

                                      Can you see how the bridging is configured?

                                        firewalled_lotusdew @stephenw10

                                        @stephenw10 Yes - attaching a snapshot of choices and currently set as bridge

                                        7a9663a8-e3d9-41b4-bc68-fac9b064075d-image.png

                                          stephenw10 Netgate Administrator

                                          Hmm, well the best thing there would be if you can get the ISP to provide static IPs in the same subnet, that share a gateway. Or route other IPs to your primary IP.

                                          You might just try using them with the original gateway and see what happens.

                                            Derelict LAYER 8 Netgate @stephenw10

                                            @firewalled_lotusdew Yeah I'd just put the VIPs on WAN and see what happens.
