Netgate Discussion Forum

    I have /29 block of WAN IPs, how do I force a VLAN out of a specific IP from it

    Routing and Multi WAN

    wspence

      Good evening. I have a /29 block from my ISP. I put the IPs on the pfSense using Virtual IPs; what I'm struggling with is how I can force, let's say, Guest network VLAN 100 to utilize that WAN IP.

        SteveITS @wspence

        @wspence outbound NAT rule: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html

        An example: https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-pbx.html#outbound-nat (though for example a static port isn’t normally needed)

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          tgl @wspence

          @wspence
          I set up a similar configuration recently. Leave the default outbound NAT rule in place for mapping your main network to the primary WAN address. Select the "Hybrid Outbound NAT" mode to allow you to add custom rules to the default. Then add a custom outbound NAT mapping from the VLAN's address range to the WAN-side address you want it to go out of. Your rule should look like the automatic one except for the specific source and NAT addresses. (The automatic rules have a special case for port 500, which you might or might not feel like duplicating --- I did, but I'm not sure it will ever matter in my use.)

          Don't forget that you need pass/block firewall rules in addition to the NAT mapping. In particular you probably want to block the guest VLAN from reaching your main net, with the possible exception of specific services such as DHCP and DNS.

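The setup described in tgl's reply, written out in pf rule syntax (pfSense is built on pf). This is an added illustration, not configuration from the thread or output generated by pfSense; the interface names and every address are constructed placeholders.

```pf
# Constructed placeholder values (RFC 1918 / RFC 5737 ranges), not from the thread.
wan_if    = "igb0"
guest_if  = "igb1.100"            # guest network, VLAN 100
lan_net   = "192.168.1.0/24"      # main network
guest_net = "192.168.100.0/24"    # guest VLAN address range
guest_gw  = "192.168.100.1"       # firewall's own address on the guest VLAN
wan_ip    = "203.0.113.2"         # primary WAN address
guest_ip  = "203.0.113.3"         # Virtual IP from the /29, used for guests

# --- Outbound NAT: the first matching rule wins ---
# Custom mappings added in Hybrid mode are matched before the automatic ones.
# Destination port 500 (ISAKMP) keeps its source port, mirroring the
# special case in the automatic rules.
nat on $wan_if inet from $guest_net to any port 500 -> $guest_ip static-port
nat on $wan_if inet from $guest_net to any -> $guest_ip port 1024:65535

# Automatic-style rules stay in place for the main network.
nat on $wan_if inet from $lan_net to any port 500 -> $wan_ip static-port
nat on $wan_if inet from $lan_net to any -> $wan_ip port 1024:65535

# --- Filter rules on the guest VLAN interface, evaluated top down ---
# NAT alone does not permit or isolate anything; these rules do.
# 1. DHCP requests from guest clients.
pass  in quick on $guest_if inet proto udp from any port 68 to any port 67
# 2. DNS to the firewall's resolver only.
pass  in quick on $guest_if inet proto { tcp, udp } from $guest_net to $guest_gw port 53
# 3. Nothing else from guests may reach the main network.
block in quick on $guest_if inet from $guest_net to $lan_net
# 4. Everything remaining goes out, translated to $guest_ip above.
pass  in quick on $guest_if inet from $guest_net to any
```

On pfSense the same mappings are entered under Firewall > NAT > Outbound, and `pfctl -s nat` shows the translation rules actually loaded.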
            wspence

            Appreciate it, guys. I will take a look and test.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.