Multiple LAN IP Addresses

renepc · Nov 12, 2007, 8:57 AM

Hello @ all!

I have to use the LAN Interface of pfsense with 3 or 4 Gateway Addresses.
Here my Problem:

i can't define a second LAN IP in the Webinterface.
if i set the second IP on the shell with ifconfig, i can ping it, but cant use it as gateway address (i have made the Firewall Rules and Outbound NAT Rules).

so what can i do to use 1 Interface as a Gateway for multiple subnets?

i hope you will answer soon!

greetz rene!

GruensFroeschli · Nov 12, 2007, 11:43 AM

Get a VLAN capable Switch and use VLANs.
Right now it's not possible to do it the way you want to do it (creat aliases).

Btw: messing with the system from console is not supported.

renepc · Nov 12, 2007, 2:00 PM

when will this function be integrated to pfsense?

GruensFroeschli · Nov 12, 2007, 3:36 PM

When it's done.
Afaik it's already in HEAD.

(dont expect it within the next year)

jahonix · Nov 12, 2007, 8:46 PM

Or put some additional NICs in your router and assign different subnets to them.
You would need a dedicated switch for each subnet then, of course.

humbled1 · Nov 14, 2007, 4:15 PM

So what you are saying is that PfSense does not support transversing VLAN tagging for 802.1Q?

dotdash · Nov 15, 2007, 9:20 PM

No. That is not what anyone was saying. Using FreeBSD standard alias' is not currently supported…

mrsense · Nov 16, 2007, 4:51 AM

Btw, don't get your hopes up alias had been promised since v1.0 so I guess it's not a priority.

mrsense · Nov 16, 2007, 8:29 AM

I wonder if the following would work:

Interface 0:
VLAN ID Default; IP 192.168.10.10.222/24
VLAN ID 1; IP 192.168.1.222/24
VLAN ID 2; IP 192.168.2.222/24
VLAN ID 3; IP 192.168.2.222/24

Setup Proxy ARP on VLAN Default for VLAN 1,2,3 and allow traffic between VLANs

mr-s

bill · Nov 20, 2007, 10:19 AM

BTW:
Please be aware that VLAN1 is usually the default VLAN.

If you connect to a switch that might lead to trouble. (It might work with certain switches, but it is usually better to be on the safe side)
I would recommend to try
VLAN ID Default; IP 192.168.10.10.222/24
VLAN ID 2; IP 192.168.1.222/24
VLAN ID 3; IP 192.168.2.222/24
VLAN ID 4; IP 192.168.2.222/24

Don't know if that is going to work with proxy arp, but good luck.

jahonix · Nov 20, 2007, 10:34 AM

@mrsense:

VLAN ID 2; IP 192.168.2.222/24
VLAN ID 3; IP 192.168.2.222/24

Is that a typo or by intention?

And in the VLAN HowTo it is highlighted that you should not use the first VLAN for production.
Switches like to use it as default and a drop back down there might easily occur,asking for trouble…

Perry · Nov 20, 2007, 11:34 AM

A bit off curse, but the vlan1 / default vlan on the switch can / should be used as monitor / management vlan for the switch.
So on pfSense I've made a vlan for vlan id 1 so i can connect to the switch management site.

jahonix · Nov 20, 2007, 1:04 PM

Exactly that's the purpose of it.
Furthermore, the switches I put my hands on so far have vlan0 defined as default with all ports included.

FiL · Jun 19, 2008, 4:54 AM

Any updates on this?

I have flat network behind the firewall and have to use 2 subnets. No VLANs involved and no NAT either. Just firewall.
So what I need is 2 addresses on LAN interface. I don't need to NICs as everything goes to the same flat physical network.

Is it still impossible to do with pfSense?

Thanks,

FiL

cmb · Jun 19, 2008, 5:19 AM

See http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

FiL · Jun 19, 2008, 1:06 PM

@cmb:

See http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

Thanks a lot.

Guest · Aug 22, 2008, 4:02 PM

@cmb:

See http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

It works! But i had to reboote for some reason.

But have a problem. I am using CARP.

I added a CARP address to my extra LAN-SEGMENT in the XML(Cant do it in the web interface) but it does not work. Have also tried to ad a PARP just to test. But this is not working ether.

I was hoping for a work-around. I hope i don't have to wait for 1.3 :)

Any good idea of how to fix CARP in this situation?

jtpagaran · Oct 1, 2008, 10:45 AM

Good day,

I tried it and it works.

this is my set up.

public ip –->wan pfsense lan ----10.10.10.0/24

the i added the alias ip 10.10.20.1 and added the recommended firewall rules

Now from workstation w/ ip 10.10.10.100 i can ping 10.10.10.1, 10.10.20.1 and workstation 10.10.10.100 and vice versa.

I think every things fine but i notice that from my pfsense console and under the lan interface menu that it's ip is now set to 10.10.20.1.

Is this the right behavior when adding alias? or i mess up something? my understanding is that my lan ip will still be 10.10.10.1 and my alias ip 10.10.20.1 will work fine under the hood.

By the way im currently running 1.2.1rc1 as of sept.

thanks and good day.