Netgate Discussion Forum

    Secondary address space on the WAN interface (different gateway)

    General pfSense Questions
      wmiwmi

      My ISP recently allocated another IP range on our corporate Internet connection.  The new one is a public /29.  Unfortunately, it has a different gateway than my first /29 range.  So something like this…

      Initial IP range: x.y.z.a/29 gateway 192.168.1.1 (but public)
      New IP range:  b.c.d.e/29, gateway 10.0.0.1 (but public)

      What I had expected from the ISP was an additional grant using the same gateway (not sure that that was even a reasonable expectation, but that's what I thought I'd get), so that I could add the additional IPs as VirtualIPs.  Since this new range has a different gateway, I'm not sure how to do that in pfSense.  The ISP says that these IPs come in on the same physical interface from them - but I'm not sure how to make use of these in pfSense.  Is there a way to add a new "virtual" (?) interface on the same physical interface?

        Metu69salemi

        Proxy ARP is capable in this situation. Or, if you have multiple modems, you could create a load balancing/failover situation.

          wmiwmi

          How would I actually do it?  Attached is a snip from my Proxy ARP screen, but I don't see any obvious way to specify the new connection/gateway.

          http://postimage.org/image/2lhonjpxg/

            Metu69salemi

            Try to look for load balancing; there might be your answer.

              wmiwmi

              Ok - so it works, but I'm not sure how it works.

              From the new IP range, I created a Proxy ARP entry for 1 of the new Virtual IPs (x.y.z.1/32), on the same physical interface. 
              Next, I created a NAT rule forwarding HTTP traffic from x.y.z.1/32 to an internal web-server.
              Then, I tried connecting externally to http://x.y.z.1 - and I saw the web-page of my web browser.

              So - great, it works!  But what I'm confused about, is how it worked.  Without having the new gateway specified somehow (since the Proxy ARP entry doesn't let you add a gateway), how am I able to hit this from off-site?  Does this mean that my ISP has routed the IP to me?

              Thanks!

                cmb

                You don't need the gateway; in those scenarios it's generally the same as your default gateway. A better scenario is having your ISP route that second block to you; that way you aren't wasting 3 IPs (network, broadcast and gateway addresses) out of that subnet. There's no need to assign subnets like they're doing there (it'll work, just not the best way).

                  wmiwmi

                  Then how does it work?  The first IP block from my ISP had a "gatewayA" which is assigned to my physical interface.  The second grant that I got today had "gatewayB", which I'm not specifying anywhere.  I'm going through and adding each IP from that new range as Proxy ARP VirtualIPs (e.g. 1.2.3.4/32, 1.2.3.5/32, etc. instead of 1.2.3.4/29), and creating NAT rules for each, but since "gatewayB" isn't ever specified anywhere within pfSense, I'm not sure how/why it's working.

                    cmb

                    Gateway B has the same MAC as gateway A, so it only has to use gateway A. If B were on a different router from A, you'd have issues as currently configured; in that case you'd just set it up as a second Internet connection on a separate interface (as that's what it would be).

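The last answer's claim that both gateways sit behind one MAC can be checked from an ARP capture on the WAN interface. The following is an added example, not code from the thread or from pfSense: it parses `tcpdump -e -n arp` style output and compares the Ethernet source MACs seen for two gateway IPs. The sample capture, the addresses (198.51.100.1 standing in for gateway A, 203.0.113.1 for gateway B) and the function names are constructed, and it assumes the ISP router sends its ARP requests for the new range with gateway B as the sender address.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n arp` output on the WAN interface.
# 00:00:5e:00:53:01 plays the ISP router, 00:00:5e:00:53:aa the firewall's WAN NIC
# (which answers for the new range through its Proxy ARP virtual IP).
SAMPLE_CAPTURE = """\
10:00:01.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.2 tell 198.51.100.1, length 46
10:00:01.000090 00:00:5e:00:53:aa > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 198.51.100.2 is-at 00:00:5e:00:53:aa, length 28
10:00:02.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.2 tell 203.0.113.1, length 46
10:00:02.000090 00:00:5e:00:53:aa > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 203.0.113.2 is-at 00:00:5e:00:53:aa, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
REQUEST = re.compile(
    rf"({MAC}) > {MAC}, ethertype ARP .*Request who-has (\S+) tell ([0-9.]+),", re.I)
REPLY = re.compile(
    rf"({MAC}) > {MAC}, ethertype ARP .*Reply ([0-9.]+) is-at ({MAC}),", re.I)

def macs_by_ip(capture):
    """Map each IPv4 address to the Ethernet source MACs that spoke for it."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        if m := REQUEST.search(line):
            seen[m.group(3)].add(m.group(1).lower())  # sender IP of the request
        elif m := REPLY.search(line):
            seen[m.group(2)].add(m.group(1).lower())  # IP being answered for
    return seen

def compare_gateways(capture, gw_a, gw_b):
    """Return 'same-router', 'different-routers' or 'unknown' for two gateway IPs."""
    seen = macs_by_ip(capture)
    a, b = seen.get(gw_a, set()), seen.get(gw_b, set())
    if not a or not b:
        return "unknown"  # one of the gateways never appeared in the capture
    return "same-router" if a & b else "different-routers"

if __name__ == "__main__":
    print(compare_gateways(SAMPLE_CAPTURE, "198.51.100.1", "203.0.113.1"))
```

A result of `different-routers` corresponds to the case in the last answer where the second block would need its own interface and gateway.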
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.