Multiple LAN IP Addresses
-
Hello @ all!
I have to use the LAN Interface of pfsense with 3 or 4 Gateway Addresses.
Here my Problem:i can't define a second LAN IP in the Webinterface.
if i set the second IP on the shell with ifconfig, i can ping it, but cant use it as gateway address (i have made the Firewall Rules and Outbound NAT Rules).so what can i do to use 1 Interface as a Gateway for multiple subnets?
i hope you will answer soon!
greetz rene!
-
Get a VLAN capable Switch and use VLANs.
Right now it's not possible to do it the way you want to do it (creat aliases).Btw: messing with the system from console is not supported.
-
when will this function be integrated to pfsense?
-
When it's done.
Afaik it's already in HEAD.(dont expect it within the next year)
-
Or put some additional NICs in your router and assign different subnets to them.
You would need a dedicated switch for each subnet then, of course. -
So what you are saying is that PfSense does not support transversing VLAN tagging for 802.1Q?
-
No. That is not what anyone was saying. Using FreeBSD standard alias' is not currently supported…
-
Btw, don't get your hopes up alias had been promised since v1.0 so I guess it's not a priority.
-
I wonder if the following would work:
Interface 0:
VLAN ID Default; IP 192.168.10.10.222/24
VLAN ID 1; IP 192.168.1.222/24
VLAN ID 2; IP 192.168.2.222/24
VLAN ID 3; IP 192.168.2.222/24Setup Proxy ARP on VLAN Default for VLAN 1,2,3 and allow traffic between VLANs
mr-s
-
BTW:
Please be aware that VLAN1 is usually the default VLAN.If you connect to a switch that might lead to trouble. (It might work with certain switches, but it is usually better to be on the safe side)
I would recommend to try
VLAN ID Default; IP 192.168.10.10.222/24
VLAN ID 2; IP 192.168.1.222/24
VLAN ID 3; IP 192.168.2.222/24
VLAN ID 4; IP 192.168.2.222/24Don't know if that is going to work with proxy arp, but good luck.
-
VLAN ID 2; IP 192.168.2.222/24
VLAN ID 3; IP 192.168.2.222/24Is that a typo or by intention?
And in the VLAN HowTo it is highlighted that you should not use the first VLAN for production.
Switches like to use it as default and a drop back down there might easily occur,asking for trouble… -
A bit off curse, but the vlan1 / default vlan on the switch can / should be used as monitor / management vlan for the switch.
So on pfSense I've made a vlan for vlan id 1 so i can connect to the switch management site. -
Exactly that's the purpose of it.
Furthermore, the switches I put my hands on so far have vlan0 defined as default with all ports included. -
Any updates on this?
I have flat network behind the firewall and have to use 2 subnets. No VLANs involved and no NAT either. Just firewall.
So what I need is 2 addresses on LAN interface. I don't need to NICs as everything goes to the same flat physical network.Is it still impossible to do with pfSense?
Thanks,
FiL
-
See http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf
-
-
@cmb:
See http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf
It works! But i had to reboote for some reason.
But have a problem. I am using CARP.
I added a CARP address to my extra LAN-SEGMENT in the XML(Cant do it in the web interface) but it does not work. Have also tried to ad a PARP just to test. But this is not working ether.
I was hoping for a work-around. I hope i don't have to wait for 1.3 :)
Any good idea of how to fix CARP in this situation?
-
Good day,
I tried it and it works.
this is my set up.
public ip –->wan pfsense lan ----10.10.10.0/24
the i added the alias ip 10.10.20.1 and added the recommended firewall rules
Now from workstation w/ ip 10.10.10.100 i can ping 10.10.10.1, 10.10.20.1 and workstation 10.10.10.100 and vice versa.
I think every things fine but i notice that from my pfsense console and under the lan interface menu that it's ip is now set to 10.10.20.1.
Is this the right behavior when adding alias? or i mess up something? my understanding is that my lan ip will still be 10.10.10.1 and my alias ip 10.10.20.1 will work fine under the hood.
By the way im currently running 1.2.1rc1 as of sept.
thanks and good day.
