Netgate Discussion Forum

    Unable to route second public IP

      cubits @stephenw10

      @stephenw10 Although they are on the same subnet, it does not look like one is routed through another. Virtual IP simply wasn't working.

        tgl @cubits

        @cubits One other question: are the WAN IP addresses statically assigned to you, or do you have to pull them via DHCP? I can believe that you might need two separate MAC addresses (thus two ports) to get two addresses from a DHCP server. But the other side of that coin is that I don't see what value there is in multiple IP addresses if they aren't static.

          cubits @tgl

          @tgl IPs are statically assigned with a default gateway at xxx.xxx.xxx.1

            tgl @cubits

            @cubits said in Unable to route second public IP:

            @tgl IPs are statically assigned with a default gateway at xxx.xxx.xxx.1

            Then you have the same situation as me, and you should be able to make it work with NAT mappings for the alternate addresses like I suggested.

              cubits @tgl

              @tgl So that means I can only assign the address to another NIC, and not make the secondary address appear as though it were a WAN interface in the pfSense menus?

                tgl @cubits

                @cubits said in Unable to route second public IP:

                @tgl So that means I can only assign the address to another NIC, and not make the secondary address appear as though it were a WAN interface in the pfSense menus?

                I don't think you read what I said. I have multiple WAN IP addresses, and they are all coming in on one port/one interface. You just have to do the configuration correctly. No, you can't (AFAIK) make a separate "interface" for each address. But you can attach multiple addresses to one interface using NAT rules.

                  cubits @tgl

                  @tgl Thanks, it makes more sense to me now. Do you have any sample that I can use, with some screenshots from the web UI? Many thanks!

                    tgl @cubits

                    @cubits Sure, let's see if I know how to do that on this forum ...

                    Here's my 1:1 NAT assignments for two machines that are mail servers exposed to the outside internet:

                    1-1-NAT.png

                    Here's my Outbound-NAT assignments for two VLANs whose purposes should be self-evident:

                    VLAN-NAT-2.png

                    The VLANs were set up according to the directions in the pfSense documentation (actually, all of this is in the documentation, once you find it). I do not remember why there are special rules for port 500 --- I think I copied that from a documentation example. For the purposes of these NAT rules, it doesn't much matter that those are VLANs, only that there's an identifiable range of local addresses that are to share the WAN address.

                    In addition to the four WAN addresses you can see being mapped here, I own xxx.xxx.xxx.242, which is set up as the assigned WAN address for PORT1WAN in the Interfaces menu. That carries traffic from all local machines that aren't either the two mail servers or the stuff on the VLANs.

                    Don't forget to add suitable firewall rules to block any connections you don't want. The firewall rules are applied after NAT mapping, so write them in terms of the internal addresses not the WAN addresses.

                    S 1 Reply Last reply Reply Quote 1
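
Added example (not part of any post in this thread, and not pfSense code): a small Python model of the setup described above, showing why inbound rules have to name the internal address once translation runs before filtering, and how outbound sources map to different WAN addresses. All addresses, subnets and function names are constructed for illustration; the static-port match on destination port 500 and the precedence of 1:1 NAT over outbound NAT are modelling assumptions.

```python
import ipaddress

# Constructed sample addresses; not the poster's real configuration.
WAN_PRIMARY = "203.0.113.10"                      # address set on the WAN interface
ONE_TO_ONE = {"203.0.113.11": "192.168.1.25",     # mail server A
              "203.0.113.12": "192.168.1.26"}     # mail server B
OUTBOUND = [("192.168.20.0/24", "203.0.113.13"),  # first VLAN
            ("192.168.30.0/24", "203.0.113.14")]  # second VLAN

# Inbound filter rules as (destination address, destination port).
RULES_INTERNAL = {("192.168.1.25", 25), ("192.168.1.26", 25)}
RULES_EXTERNAL = {("203.0.113.11", 25), ("203.0.113.12", 25)}  # written pre-NAT


def inbound(dst_ip, dst_port, rules):
    """Translate the destination first, then filter; return (target, verdict)."""
    target = ONE_TO_ONE.get(dst_ip, dst_ip)
    verdict = "pass" if (target, dst_port) in rules else "block"
    return target, verdict


def outbound(src_ip, src_port, dst_port, rewritten_port=50000):
    """Return the (address, port) a remote host sees for an internal source.

    rewritten_port is a hypothetical stand-in for the port NAT would pick.
    """
    reverse = {internal: external for external, internal in ONE_TO_ONE.items()}
    if src_ip in reverse:            # assumption: 1:1 NAT wins, ports unchanged
        return reverse[src_ip], src_port
    wan = WAN_PRIMARY                # everything else leaves via the primary
    for net, external in OUTBOUND:
        if ipaddress.ip_address(src_ip) in ipaddress.ip_network(net):
            wan = external
            break
    # Static port: traffic to port 500 (IKE) keeps its source port.
    return wan, (src_port if dst_port == 500 else rewritten_port)


if __name__ == "__main__":
    print(inbound("203.0.113.11", 25, RULES_INTERNAL))  # rule on internal address
    print(inbound("203.0.113.11", 25, RULES_EXTERNAL))  # rule on WAN address
    print(outbound("192.168.20.7", 40000, 443))
    print(outbound("192.168.30.7", 500, 500))
```
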
                      SteveITS Galactic Empire @tgl

                      @tgl said in Unable to route second public IP:

                      (actually, all of this is in the documentation, once you find it).

                      ;)
                      port 500: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port


                        stephenw10 Netgate Administrator

                        If they are statically assigned and in the same subnet then you should just be able to use virtual IPs.

                        How did you test it?

                        Adding a bridge is only required if you need multiple MAC addresses. Usually you would not. You can only add one though. Your screenshot implies you either already have WAN in a bridge or you tried to add it to more than one.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.