Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi WAN IP address

    General pfSense Questions
    2
    4
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nfsiv
      last edited by

      Hello,

      just finish a fresh install of the pfsense, latest version. my network topology is:

      Internet: (WAN)
      10M Ethernet Connection from ISP, 32static IPs (for example, IP Range 58.73.0.1 - 58.71.0.32)
      Intranet: (LAN)
      100M Ethernet connection between servers and switch, 8      PC servers with private ip addresses(Server 1=10.0.0.20, Server 2=10.0.0.21,….Server 8=10.0.0.28).

      on ISP DNS server we got 3 domain resolutions:
      www=58.73.0.8 TCP 80
      admin=58.73.0.9 TCP 80
      files=57.73.0.10 TCP 80

      would like to, NAT 58.73.0.8 to 10.0.0.20, 58.73.0.9 to 10.0.0.21, 58.73.0.10 to 10.0.0.22

      the server i installed pfsense is a HP server with 2*built-in LAN interfaces. the LAN ip address set to 10.0.0.1 (same range of my servers), the WAN ip address set to 58.73.0.1
      by this way, seems like i have to change the DNS resolution to 58.73.0.1.

      is there anybody know how can i assign multi IP addresses on the PFsense WAN interface? or i have to have 4 LAN interfaces(LAN, WAN, OPT1, OPT2), then make different NAT?

      many thanks

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Firwall –> Virtual IPs

        Create as many additional IPs on the WAN interface as you need.
        You can then use these Virtual IPs in the NAT rules.
        If your additional IPs are in the same subnet than the WAN IP itself, i would use CARP VIPs (they are pingable).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • N
          nfsiv
          last edited by

          many thanks for your kindly help.

          now i am adding all of the ips into VIP, but i got an error message when i try to add third ip into VIP, the error message is VHID 1 is already in use. pick a unique number. but the first two IP without any error.

          now i successfully add the third ip into the VIP, i tried:

          1. add the third ip into VIP but the VHID group change from the default 1 to 2
          2. after save, go to edit
          3. change the VHID group from 2 to 1
          4. save and no error

          is there anything i made wrong?

          or each machine need different VHID but need same password?

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Don't do what you just described.
            Each VIP needs it's own VHID.
            Just put another VHID for each VIP.
            This doesn't affect the functionality.
            The password isn't used for your setup.
            This is if you want hardware-failover between multiple pfSenses.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.