How to config 5 static IP addresses with pfSense

jngo · Feb 11, 2024, 2:27 PM

Hello everyone,

I am totally new to pfSense. I used to work with Ubiquity EdgeRouter but recently, due to some changes in the office network, we plan to implement pfsense and plan to purchase the Netgate 6100 device
Our office has a a main LAN where we have 4 PC connected. A PBX system for IP telephony, Mail server, CCTV server, Data Storage server and IOT devices. Each will have its own VLAN
We have 5 statics IP addresses from the ISP. However, the ISP is assigning each static IP address bases on a MAC address and the type would be DHCP.
In Ubiquity EdgeRouter, we setup pseudo-ethernet and we can create a MAC address for each of the pethXX interfaces (equivalent to Virtual IP of the pfSense, I guess?) and set it to DHCP. We then call the ISP to cross-check for the MAC address and the ISP will then assign it to the static IP addresses.
After that, we setup NAT to re-direct the traffic to/from each static IP address to the according services (Mail server, CCTV, PBX, data, etc...) and setup the firewall accordingly.

Currently, we are running a virtual box with the pfSense OS installed to explore the functionality as well as being familiarized ourselves with the interface.
Could you please point me to where I could setup and config the additional IP addresses (on the single WAN) in pfSense.

Thank you very much for your help

SteveITS · Feb 11, 2024, 2:27 PM

@jngo One usually sets up an IP Alias:
https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html

Your ISP requires each to have a different MAC though? CARP can do that but that’s intended for a high availability setup.

https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html

I can visualize how they set it up but it doesn’t sound very conducive to using one router.

jngo · Feb 11, 2024, 9:08 PM

@SteveITS The ISP only gives out (as DHCP) a static IP address based on a unique MAC address. And since we have only 1 ISP where the office located, it is very limited choice that we can select!
So I think, the CARP would be the solution for our situation, correct? IP Alias doesn't seem to have any unique MAC address associated with it...
Thank you very much for your help

SteveITS · Feb 11, 2024, 9:45 PM

@jngo I don’t know if CARP aliases can just be used like that, but you can try. @stephenw10 may know.

Thinking bigger why do they require DHCP? Can you not just set up your addresses yourself or will they actually block the traffic? As in, can they just allow that MAC for all the IPs?

jngo · Feb 11, 2024, 11:08 PM

@SteveITS The ISP is Telus over here. We tried to get them issues an IP-range that has 5 IP addresses to us so we can add them manually in our Interface in EdgeRouter. But not successfully. Any single business static IP address must be bound by 1 unique MAC address of the interface. Therefore, we have to create the virtual interface called Pseudo-ethernet and generate a random MAC for that virtual interface. We then give this MAC address to the ISP and they lock it in the static IP. And, for DHCP, we have no choice as they said it is automatically stick to your MAC address, so we have to config the virtual interface as DHCP to accept the assigned IP address

viragomann · Feb 12, 2024, 11:59 AM

@jngo
That is a very unusual way to get additional IP addresses based on DHCP.
Typically you get a single (primary) DHCP address and all further IPs you get from the ISP are routed to the primary. So you only need to configure one DHCP interface and can easily use all the assigned IPs.