Unable to route second public IP
-
@stephenw10 although they are on the same subnet, it does not look like one is routed through another. virtual ip wasnt simply working
-
@cubits One other question: are the WAN IP addresses statically assigned to you, or do you have to pull them via DHCP? I can believe that you might need two separate MAC addresses (thus two ports) to get two addresses from a DHCP server. But the other side of that coin is that I don't see what value there is in multiple IP addresses if they aren't static.
-
@tgl IPs are statically assigned with a default gateway at xxx.xxx.xxx.1
-
@cubits said in Unable to route second public IP:
@tgl IPs are statically assigned with a default gateway at xxx.xxx.xxx.1
Then you have the same situation as me, and you should be able to make it work with NAT mappings for the alternate addresses like I suggested.
-
@tgl so that means I can only assign the address to another nic, and not make the secondary address as though it appears as a wan interface in pfsense menus
-
@cubits said in Unable to route second public IP:
@tgl so that means I can only assign the address to another nic, and not make the secondary address as though it appears as a wan interface in pfsense menus
I don't think you read what I said. I have multiple WAN IP addresses, and they are all coming in on one port/one interface. You just have to do the configuration correctly. No, you can't (AFAIK) make a separate "interface" for each address. But you can attach multiple addresses to one interface using NAT rules.
-
@tgl thanks, it makes more sense to me now. do you have any sample that I can use, with some screenshots in the web ui, much thanks!
-
@cubits Sure, let's see if I know how to do that on this forum ...
Here's my 1:1 NAT assignments for two machines that are mail servers exposed to the outside internet:
Here's my Outbound-NAT assignments for two VLANs whose purposes should be self-evident:
The VLANs were set up according to the directions in the pfSense documentation (actually, all of this is in the documentation, once you find it). I do not remember why there are special rules for port 500 --- I think I copied that from a documentation example. For the purposes of these NAT rules, it doesn't much matter that those are VLANs, only that there's an identifiable range of local addresses that are to share the WAN address.
In addition to the four WAN addresses you can see being mapped here, I own xxx.xxx.xxx.242, which is set up as the assigned WAN address for PORT1WAN in the Interfaces menu. That carries traffic from all local machines that aren't either the two mail servers or the stuff on the VLANs.
Don't forget to add suitable firewall rules to block any connections you don't want. The firewall rules are applied after NAT mapping, so write them in terms of the internal addresses not the WAN addresses.
-
@tgl said in Unable to route second public IP:
(actually, all of this is in the documentation, once you find it).
;)
port 500: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port -
If they are statically assigned and in the same subnet then you should just be able to use virtual IPs.
How did you test it?
Adding a bridge is only required if you need multiple MAC addresses. Usually you would not. You can only add one though. Your screenshot implies you either already have WAN in a bridge or you tried to add it to more than one.
