Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Send Interface/VLAN traffic over Routed IP

    Scheduled Pinned Locked Moved Routing and Multi WAN
    5 Posts 2 Posters 443 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • The Computer GuyT
      The Computer Guy
      last edited by

      Just checking before I order the line, have a local hotel with a pfSense firewall, looking at installing a new FTTP line, but need a separate external IP address for each room in the hotel. (So that any illegal activity can be traced back to a room/person)

      I can get a /28 subnet from the supplier.

      Just checking that I've understood routed IP's correctly, will I be able to direct traffic for each room (seperate VLAN interface) over different external IP's, or are routed IP's only good for routing back into a network?

      I.E. Machine A on IP A, Machine B on IP B etc etc?

      • P
      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @The Computer Guy
        last edited by

        @The-Computer-Guy
        I assume, with "routed IP's" you mean, that the /28 is routed to your primary WAN IP by your ISP?

        If so, than yes, you can masquerade the outbound traffic of each internal IP with a different external IP out of the /28 subnet.

        If room IPs were sequential you could do this with a single NAT 1:1 rule. However, as you say, each is within a separate VLAN, you would have to add a separate outbound NAT rule for each room.

        The Computer GuyT 1 Reply Last reply Reply Quote 0
        • The Computer GuyT
          The Computer Guy @viragomann
          last edited by

          @viragomann thanks, just checking

          "If so, than yes, you can masquerade the outbound traffic of each internal IP with a different external IP out of the /28 subnet."

          Only each individual IP, or each subnet?

          So I.E.

          VLAN 10 - Room 01 - IP Range 192.168.10.10 - 192.168.10.250 - Out VIA WAN IP 1
          VLAN 11 - Room 02 - IP Range 192.168.11.10 - 192.168.11.250 - Out VIA WAN IP 2

          The whole range, per external IP?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @The Computer Guy
            last edited by

            @The-Computer-Guy said in Send Interface/VLAN traffic over Routed IP:

            So I.E.

            VLAN 10 - Room 01 - IP Range 192.168.10.10 - 192.168.10.250 - Out VIA WAN IP 1
            VLAN 11 - Room 02 - IP Range 192.168.11.10 - 192.168.11.250 - Out VIA WAN IP 2

            Yes, you can do this.

            In the outbound NAT rule just state the rooms subnet as source, e.g. 192.168.10.0/24. For the translation select "network or alias", enter the desired IP and a /32 (!) mask.
            It would be okay to state the whole subnet, I think.

            Remember to switch the outbound NAT into hybrid mode.

            The Computer GuyT 1 Reply Last reply Reply Quote 1
            • The Computer GuyT
              The Computer Guy @viragomann
              last edited by

              @viragomann - Great, thank you for the clarification :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.