Netgate Discussion Forum

    MULTIPLE IPS - WAN SETUP TO DIFFERENT LAN SEGMENTS

      amajidkh

      Hi, I have a scenario as follows: 7 NICs on my virtual firewall running the latest build of pfSense.

      em0 > untrust
      em1 > trust-lan01
      em2 > trust-lan02..etc

      Each interface is segregated and has its own IP scheme, i.e. 10.69.10.0, .20.0, etc.

      At the moment, using auto NAT and firewall rules, I am able to surf the internet using the untrust interface IP (like a global masquerade).

      I have 16 IP addresses from my ISP. I would like to assign a static IP per LAN interface, so if I were to do a whatismyip from trust-lan02 it would be the IP I have assigned and not the untrusted one.

      I tried this by enabling IP alias > then setting 1-1 and a virtual IP; however, when I do this I cannot get access to anything.

      I am new to pfSense, please bear with me. I am trialling this over a MikroTik, which I am quite comfortable with.

        viragomann

        With IP Aliases you can assign each IP you got from your ISP to your WAN interface. However, this isn't necessary for your goal, since you have assigned the whole net segment (/28) to the WAN interface, but it's an advantage in clarity for handling the IPs in pfSense, I think. And it's recommended.

        With 1:1 NAT and port forwarding you can handle incoming traffic (into pfSense), but you want to impact outbound traffic here. So you will need to configure outbound NAT for your requirements.

        On the Outbound tab in Firewall > NAT, select "Manual Outbound NAT rule generation" and click Save. Then you should see a list of automatically generated rules for all your assigned subnets under Mappings. Edit these rules, or create them manually if they don't exist: under Source, choose the subnet you want to handle, leave protocol, source port and destination at any, and at Translation address you can select the IP Alias you have defined before; if you don't, select Other Subnet and enter the IP and mask below. Leave the translation port at any.
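
The per-segment outbound NAT mappings described in the reply above, sketched as an added example that is not part of the original posts and is not pfSense's own code: a Python helper that validates a mapping plan and returns the equivalent pf `nat` line for each LAN segment. The /24 masks, the 203.0.113.0/28 documentation block, the gateway address and the function name `plan_outbound_nat` are assumptions made for illustration; only `em0` and the 10.69.x.0 networks come from the thread.

```python
import ipaddress


def plan_outbound_nat(wan_if, isp_block, reserved, segments):
    """Return one pf-style nat line per LAN segment, or raise ValueError.

    segments: (source_subnet, translation_ip) pairs in rule order.
    reserved: addresses in the ISP block that must not be used for
              translation, for example the ISP gateway (assumed here).
    """
    block = ipaddress.ip_network(isp_block)
    reserved = {ipaddress.ip_address(a) for a in reserved}
    seen_sources, seen_targets, rules = [], set(), []
    for src, target in segments:
        net = ipaddress.ip_network(src)
        ip = ipaddress.ip_address(target)
        # The translation address must be a usable host address of the ISP block.
        if ip not in block or ip in (block.network_address, block.broadcast_address):
            raise ValueError(f"{ip} is not a usable address in {block}")
        if ip in reserved:
            raise ValueError(f"{ip} is reserved")
        # Goal in this thread: one distinct public IP per LAN interface.
        if ip in seen_targets:
            raise ValueError(f"{ip} is already used by another segment")
        # Outbound NAT rules are first-match, so an overlapping source
        # would silently take the earlier rule's translation address.
        for other in seen_sources:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        seen_sources.append(net)
        seen_targets.add(ip)
        rules.append(f"nat on {wan_if} inet from {net} to any -> {ip}")
    return rules


# Constructed sample plan: masks and public addresses are assumptions.
SEGMENTS = [
    ("10.69.10.0/24", "203.0.113.2"),  # trust-lan01
    ("10.69.20.0/24", "203.0.113.3"),  # trust-lan02
]

if __name__ == "__main__":
    for line in plan_outbound_nat("em0", "203.0.113.0/28", ["203.0.113.1"], SEGMENTS):
        print(line)
```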

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.