How to generate static ip's on pfsense?

stephenw10

Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

Steve

newserver

@stephenw10:

Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

Steve

Sorry Steve. i will resend one by one

rule1.jpg_thumb

newserver

@stephenw10:

Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

Steve

part2

rule2.jpg_thumb

newserver

@stephenw10:

Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

Steve

part 3

![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)
![firewall rules.jpg_thumb](/public/imported_attachments/1/firewall rules.jpg_thumb)

newserver

@stephenw10:

Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

Steve

Theese TCP are just trials that I did. I can delete them all.
So you mean that I can have a such rule just once? only for one Ip?

stephenw10

@stephenw10:

you have one routed TCP connections

Sorry, that was a typo. I meant only routed TCP connections.
Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
Is that not happening?

Steve

Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

newserver

@stephenw10:

@stephenw10:

you have one routed TCP connections

Sorry, that was a typo. I meant only routed TCP connections.
Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
Is that not happening?

Steve

Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

there is only one interface that is used for dhcp, and that is lan.
The static ip will be used for a cctv system/dvr so it can be accessed anywhere from internet. So is needed that the client to get always the same gateway.
Still when I do several speed test on client machine, I have different gateways coming up each time. Drives me crazy. Something is wrong there…

stephenw10

What speedtest are you using?
Speedtest.net uses only http and hence tcp connections so should be good.
Try changing the protocol to 'any' in your rules.

Do you have any floating rules?

If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.

Steve

newserver

@stephenw10:

What speedtest are you using?
Speedtest.net uses only http and hence tcp connections so should be good.
Try changing the protocol to 'any' in your rules.

Do you have any floating rules?

If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.

Steve

I use also speedtest.net..
No floating rules.
I need only one gateway only for one specific client.If gateway changes for that client is not good for me.
But still doesn't work.
I need all 4 gateways for the rest of clients so I'll have to have them all connected.
Drives me crazy this. Actually looks so simple, but it doesn't work! Somewhere we are wrong..

stephenw10

Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

Did you understand what I said about outbound loadbalancing not affecting services from the internet?

Have you set and manual outbound NAT rules?

You never said why you are using 20.0.0.* for you LAN. :-\

Steve

newserver

@stephenw10:

Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

Did you understand what I said about outbound loadbalancing not affecting services from the internet?

Have you set and manual outbound NAT rules?

You never said why you are using 20.0.0.* for you LAN. :-\

Steve

Sorry Steve being a pain for you..
Yes I use the server as a load-balancer.
We are a small internet provider company.So we use it to loadbalance four static internet connections.
I have some clients need static ip for accessing their CCTV system from internet. For this I need a static ip for each
one of them. I don't know if there is a way around it.
I am not an expert on pfsense so excuse if I may not understand some of your questions.
Thank you anyway for your ongoing help..
NAT outbound is set as automatic.

stephenw10

Hmm, I don't know why that isn't working. I use an almost identical setup at home and it works no problem. Did you change the protocol to 'any'?

How do you have external access setup to the CCTV system?
You would normally use port-forwarding on one WAN to do it. In that situation The URL on which external clients connect to the CCTV box will only ever point to one WAN. It should not make any difference to external clients even if you can't use policy based routing.

And the reason you're using 20.0.0.* is…..?

Steve