Use 2 PFSense to have more than one public address?
-
Hi,
Here's my goal:
I have one site with pfsense 2.0.1. It uses a WAN with a dynamic IP, and I have to open 2 websites with SSL (IIS 7.5 & Exchange 2010).
I have some VMware ESX in a datacenter with public RIPE available, and I have a working pfsense there too.
Is it possible to redirect traffic from my pfsense "vmware" to my local pfsense?
I tried with an IPsec or GRE interface and it's not working… Maybe it's not possible?
Thanks
Guldil
-
When I had internal web servers a couple of years ago, I believe I used 1:1 NAT; it passed through to the pfsense, with 12 public IPs behind it... but I had unusual masking from my provider. Our server had 13 public IPs; the pfsense had x.x.x.66/30 and a gateway, x.x.x.65. The public IP range was x.x.x.81 - 94... but I also had to configure pfsense in a different way than it allowed at that time.
Snippet of what I had to do at that time:

I had a Linux box at that time and was changing over to pfsense, and this is what I had to do to get it to work in pfsense.

Linux routing table

XX.xx.XX.64 0.0.0.0 255.255.255.252 U 0 0 0 eth0
xx.xx.XX.80 0.0.0.0 255.255.255.240 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

Virtual LAN on eth1

ip XX.XX.XX.81
subnet 255.255.255.240
broadcast xx.xx.xx.95

and LAN eth0 – (WAN)

ip xx.xx.XX.66
subnet mask 255.255.255.252
broadcast xx.xx.xx.255

pfsense routing table

IPv4
Destination Gateway Flags Refs Use Mtu Netif Expire
default xx.xx.xx.65 UGS 0 1427 1500 vr0
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0
172.16.0.0/24 link#1 UC 0 0 1500 xl0
172.16.0.73 6c:f0:49:42:64:2b UHLW 1 374 1500 xl0 1174
xx.xx.xx.64/30 link#2 UC 0 0 1500 vr0
xx.xx.xx.65 link#2 UHLW 1 68 1500 vr0
xx.xx.xx.66 00:0d:87:04:07:25 UHLW 1 51 16384 lo0
xx.xx.xx.80/28 link#7 UC 0 0 1500 vlan0

Example:

ifconfig re0 172.16.16.66/30 broadcast 172.16.16.255
This way, every time you restart... you reboot with the proper configurations.
Problem: after reconfiguration you may need to reboot so things are working properly.
When setting up your WAN, LAN or OPT within pfsense, set it to the basic (internet-capable setting or network, whatever your network priority is).
In this case, with the above example, it would be 172.16.16.66/24 (since this special broadcast configuration in my case only allows multiple IPs to pass through pfsense, but if I need the pass-through priority then I set it at 172.16.16.66/30, then these IPs will remain functional).

But I think this is not what you're asking. I think you have one public IP and are trying to divide it between two pfsense routers and several servers behind that. I think the only way you're going to get that to work is port forwarding, and then using a domain service to give it user-friendly names.
-
I don't know how to explain…
Just imagine one pfsense with 2 public WAN IPs and a PPTP server.
I have another site with a web server.
This web server connects to my pfsense with a PPTP client, and the traffic for port 80 of the second WAN IP is redirected to the PPTP client?

PPTP server is just an example; it could be OpenVPN or a direct "tunnel" between the routers.