Netgate Discussion Forum

    How to separate traffic from a public network to a different public ip

    HA/CARP/VIPs
    5 Posts 2 Posters 2.3k Views
    • Fons

      Hello,

      I am a newbie to pfSense and I do have a question.

      Until now I have used (still using because the pfsense box is not productive yet) shorewall as our company firewall.
      On our shorewall box we use masquerading for outgoing traffic from our public LAN network (for open wifi, guest login, and so on) to another public IP apart from the one used on the main network. On the box we have 4 interfaces, of which eth0 is the WAN side.

      It looks like this:

      all outgoing traffic from 192.168.1.0/24 through eth0 to use source address 206.124.146.176 which is NOT the primary address of eth0. You want 206.124.146.176 to be added to eth0 with name eth0:0.

      ###############################################################################
      #INTERFACE    SUBNET            ADDRESS           PROTO   PORT(S) IPSEC

      #office subnet
      eth0          10.0.2.0/24       xxx.xxx.150.98

      #public wireless (pub)
      eth0          192.168.2.0/24    xxx.xxx.150.99

      I'd like to do the same thing on our new pfsense box but I can't find a clear solution. I think it has to do with Virtual IPs. Does anyone have some experience with this subject in pfSense, and can you help me out with what I should do?
      Regards, Fons

      • podilarius

        That is possible with advanced outbound NAT and virtual IPs. eth0:0 is just an IP alias with id 0 set up on eth0. It will depend on your WAN setup which VIP type you should use. Most would use an IP alias for this, but you might need to use proxy ARP if you have a special WAN setup. We would need more details to help you further.

        • Fons

          Hello

          We use the latest pfSense 2.0.1 on a dedicated six-interface box.

          Our WAN side is configured on interface em1 with static IP: xxx.xxx.150.110/27 and gateway: xxx.xxx.150.97

          The subnet "Foyer" for guests is on interface em4 with static IP: 10.1.0.1/22 (lots of guests!)
          We would like the outbound traffic of this subnet to use IP: xxx.xxx.150.111

          Thanks in advance, Fons

          • podilarius

            That is not a problem.

            First, go to Firewall -> Virtual IPs. Add one of type IP Alias
            xxx.yyy.150.111/27

            Then go to Firewall -> NAT -> Outbound and switch from auto to manual. This will put in all the subnets already configured with the default rules. You then need only to edit 10.1.0.1/22 to use xxx.yyy.150.111 as the outbound address.

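The manual outbound NAT setup from the answer above, modelled as an added example (not part of the original posts and not pfSense code): rules are checked top to bottom and the first match decides the translation address, so a broad rule placed above the guest rule would send guest traffic out from the main address. The 203.0.113.x addresses stand in for the masked xxx.xxx.150.x ones, and the rule list, the office subnet and the function names are assumptions.

```python
import ipaddress

# Constructed addresses: 203.0.113.x stands in for the masked xxx.xxx.150.x.
WAN_ADDRESS = "203.0.113.110"   # primary WAN address (assumed stand-in)
GUEST_ALIAS = "203.0.113.111"   # IP Alias virtual IP (assumed stand-in)


def network_of(interface_cidr):
    """Return the subnet that an interface address such as 10.1.0.1/22 lives in."""
    return ipaddress.ip_interface(interface_cidr).network


# Hypothetical manual outbound NAT table: (description, source network, NAT address).
RULES = [
    ("Foyer guests", network_of("10.1.0.1/22"), GUEST_ALIAS),
    ("Office LAN", network_of("10.0.2.1/24"), WAN_ADDRESS),  # assumed office subnet
]


def translate(source_ip, rules=RULES):
    """Return the NAT address of the first rule matching source_ip, else None."""
    addr = ipaddress.ip_address(source_ip)
    for _desc, net, nat_addr in rules:
        if addr in net:
            return nat_addr
    return None  # no rule matched: nothing in this table translates the source


def shadowed_rules(rules=RULES):
    """List (rule, earlier rule) pairs where the earlier rule covers the whole source."""
    hidden = []
    for i, (desc, net, _nat) in enumerate(rules):
        for earlier_desc, earlier_net, _ in rules[:i]:
            if net.subnet_of(earlier_net):
                hidden.append((desc, earlier_desc))
                break
    return hidden


if __name__ == "__main__":
    for ip in ("10.1.3.200", "10.0.2.15", "172.16.0.9"):
        print(ip, "->", translate(ip))
    print("shadowed:", shadowed_rules())
```

Running `shadowed_rules()` on a rule list after any reordering shows whether the guest rule can still match.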
            • Fons

              Ok, Done

              Thank you very much. As from now I understand much better how I can mould the pfsense box to our needs.

              Thanks again, Fons

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.