Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Maintain Production IP's within Staging Environment

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 3 Posters 783 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      Lasonie
      last edited by

      Hi,

      I have been tasked with creating a staging environment for VM's by my employer. I've cloned all three machines. I would like them to maintain the same IP address scheme and be able to communicate with one another.

      IP Scheme

      Server A: 192.168.193.x
      Server B: 192.168.193.x

      How can I prevent the IP's above from conflicting with the production IP's which are on the same subnet? Is there a way to mask the IP's  of the cloned VM's using pFsense from the internal network? Also, I would like to access the staging servers that are behind the pFsense router from a production client. Is this possible?

      Appreciate any feedback provided.

      Thank you!

      1 Reply Last reply Reply Quote 0
      • P Offline
        PathogenDavid
        last edited by

        It depends mostly on what you mean by "I would like to access the staging servers that are behind the pFsense router from a production client."

        If you want to be able to sit at your computer on the production network and use production IPs to talk to staging servers, then I think your only real choice is to set up a VPN into the staging network. (Well, you could also just change what network you're plugged into or use a different VLAN, but I imagine you don't want to do something so manual.) An added bonus of this is that it is impossible for you to accidentally access the production network while using the staging VPN. The downside is if you forget to start your VPN, you might not notice you're actually connected to the production network. (Either way, I'd plan to make it obvious what network you're on.

        If you normally access the servers through the firewall (IE: using forwarded ports), then there shouldn't be any change at all assuming the production pfSense uses a different WAN IP than the staging one.

        I think if you want concrete recommendations though, we need to know more about how your network is set up. (I'd also wonder why you're insisting on using the same IP addressing scheme, seems like asking for trouble to me.)

        1 Reply Last reply Reply Quote 0
        • DerelictD Offline
          Derelict LAYER 8 Netgate
          last edited by

          Yeah. Just put them behind something else that NATs for them if they need internet access. Otherwise just put them on a blank VLAN or a host-only vswitch.

          You are going to have to really be careful if you want to access one 192.168.193 network from the "real" 192.168.193 network.

          And you won't be able to just tell a host on the "real" 192.168.193 network to access something on the test 192.168.193 network using that address. I know of no way that can be done while also maintaining separation between the two.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.