Virtual IP as gateway for one client only

yeahmagnets · Dec 12, 2023, 6:38 PM

Hi,

I've two wan ip addresses as;
212.252.119.3/24
212.252.119.4/24
Upstream : 212.252.119.1/24

Local ip block is :
10.1.0.0/24

my default gateway is 212.252.119.3 for LAN and as you guys know i can not set 212.252.119.4/24 as second wan because of overlaps.

Only one of my client - 10.1.0.118- must use 212.252.119.4 instead of 212.252.119.3 as wan ip address.

Is it possible to set 212.252.119.4 to 10.1.0.118 as default gateway?

I've tried LAN->WAN firewall rule->advanced->default gateway but it only lists the 212.252.119.1 (obviously) since i can not define 119.4 as second wan interface.

I've tried to create a NAT map but couldn't figure it out how mapping should be.

viragomann · Dec 12, 2023, 7:06 PM

@yeahmagnets
You have to do this in Firewall > NAT > Outbound.

By default (in automatic mode) pfSense translates the source IP in all outgoing packets into its primary interface IP. If you want to map a certain other IP for a specific internal IP you have to add a rule.

Before switch the outbound NAT into hybrid mode. Then add a rule:
interface: WAN
source: Network or alias > 10.1.0.118/32
destination: any
translation: Network or alias > state your alias IP

yeahmagnets · Dec 12, 2023, 7:30 PM

@viragomann said in Virtual IP as gateway for one client only:

@yeahmagnets
You have to do this in Firewall > NAT > Outbound.

By default (in automatic mode) pfSense translates the source IP in all outgoing packets into its primary interface IP. If you want to map a certain other IP for a specific internal IP you have to add a rule.

Before switch the outbound NAT into hybrid mode. Then add a rule:
interface: WAN
source: Network or alias > 10.1.0.118/32
destination: any
translation: Network or alias > state your alias IP

Firewall->NAT->Outbound NAT Mode : Hybrid
Rule :
Interface WAN
Address Family : IPV4
Protocol : Any
Source : Network - 10.1.0.118/32 (There is no Network or alias option, Any,This Firewall and Network )
Destination : Any
Translation : Address - 212.252.119.4
port or Range : empty / Static Port : Unchecked

When i create rule as above, client computer loses it's internet access, when i state Source as 10.1.0.118/24 it corrects as 10.1.0.0/24 and doesn't allow me to state an ip address.

stephenw10 · Dec 12, 2023, 7:30 PM

Yes, that^.
This is an outbound NAT issue and not a gateway difference. The gateway will be the same for both clients.

Steve

stephenw10 · Dec 12, 2023, 7:32 PM

That IP exists as as an IPAlias VIP on WAN?

Can you ping out for that VIP as a source IP directly in Diag > Ping?

yeahmagnets · Dec 12, 2023, 7:39 PM

@stephenw10 said in Virtual IP as gateway for one client only:

That IP exists as as an IPAlias VIP on WAN?

Can you ping out for that VIP as a source IP directly in Diag > Ping?

I think i know the problem's source :) My datacenter has MAC protection, so i need to create a ticket to them to allow internet access for 212.252.119.4 to pfsense's WAN ethernet mac address first, probably that's why client loses internet connection.

I'll try and let you know the outcome.

Nice bike by the way :)

yeahmagnets · Dec 13, 2023, 4:47 PM

@yeahmagnets after mac authentication, it worked thank you guys