Netgate Discussion Forum

    Multiple Public IP's With different Gateways

    Routing and Multi WAN
    • A
      asdf1nit
      last edited by

      So I have had a single public static IP on my pfSense. I recently requested 3 more so I could host a couple of internal sites for public access. My ISP gave these to me but they are in a different range with a different gateway address as well. I only have a single interface that's WAN and my ISP only provides me with 1 connection. How would I go about adding those IP's to my WAN?

      I initially tried adding the new gateway to my existing WAN, and assigning the new IP's as virtual IP's but that didn't work. Would I have to create a static route or do this some other way?

      Thanks for any help I can get,

      J

      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Please provide specifics as to what the ISP provisioned for you.

        Sounds sub-optimal for hosting external-facing sites through one firewall.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • A
          asdf1nit
          last edited by

          If they were any sites that really mattered then I would move them to our Azure deployment. It's mostly internal NAS for some employees and my Apple MDM server that needs inbound and outbound and I'd rather not use my normal static IP so I'll use 1:1 NAT for a few things.

          As for the IP information.

          I currently have a 173.218.246.xxx/24 with a gateway of 173.218.246.xxx

          The new IP's they gave me are 208.180.183.xxx/24 with a gateway of 208.180.183.1

          • A
            asdf1nit
            last edited by

            And before it gets brought up about DDNS... Yes I know... No I don't want to use DDNS.

            When we share files the link isn't from our website because it uses the QNAP service and we want it branded by our org. I'll use subdomains of our site to point to those IPs and get valid certs.

            • DerelictD
              Derelict LAYER 8 Netgate @asdf1nit
              last edited by

              @asdf1nit said in Multiple Public IP's With different Gateways:

              I currently have a 173.218.246.xxx/24 with a gateway of 173.218.246.xxx
              The new IP's they gave me are 208.180.183.xxx/24 with a gateway of 208.180.183.1

              That is a pretty convoluted way to do things.

              Looks like you bought a service tailored for multiple hosts on the network not a router.

              If they can give you three addresses on the 208.180.183.xxx/24 network instead that might work.

              Why can't they give you more addresses on the same network?

              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by jimp

                Can you tell if both subnets have the same gateway MAC address? In the past I have seen that done where the ISP misinterpreted the request for a second subnet as wanting more devices on the WAN L2, so they set it up as a gateway instead of routing.

                Usually in those cases the gateway for both subnets is actually the same MAC address so you don't have to bother with using or knowing the second subnet gateway. Add the addresses from the new network as IP Alias VIPs and it should work if that is the case.

                If that is not the case, still add them as IP Alias VIPs and add the new gateway, then make a floating rule, set to pass, quick checked, outbound on WAN, source of your new subnet, any destination, with the gateway set to the alternate gateway. That should work but I haven't tried that scenario in a while.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!
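An added example, not part of jimp's post or of pfSense itself: a shell helper for the check described in the reply above, whether both subnet gateways resolve to the same MAC address. It parses FreeBSD-style `arp -an` output; the function names, the sample ARP table and its addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in FreeBSD `arp -an` format (documentation IPs and MACs,
# not the poster's addresses).
SAMPLE_ARP='? (192.0.2.1) at 00:00:5e:00:53:01 on em0 expires in 1187 seconds [ethernet]
? (198.51.100.1) at 00:00:5E:00:53:01 on em0 expires in 1190 seconds [ethernet]
? (203.0.113.1) at 00:00:5e:00:53:02 on em0 expires in 900 seconds [ethernet]
? (203.0.113.9) at (incomplete) on em0 expired [ethernet]'

# gw_mac IP [ARP_TEXT]
# Print the lowercase MAC of IP, or nothing if the entry is missing or
# unresolved. Without ARP_TEXT the live table from `arp -an` is read.
gw_mac() {
    gw_ip=$1
    if [ $# -ge 2 ]; then arp_text=$2; else arp_text=$(arp -an); fi
    # Field 2 is "(ip)", field 4 is the MAC or "(incomplete)".
    printf '%s\n' "$arp_text" | awk -v ip="($gw_ip)" '
        $2 == ip && $4 ~ /^[0-9A-Fa-f:]+$/ { print tolower($4); exit }'
}

# compare_gateways GW1 GW2 [ARP_TEXT]
# Prints:
#   same      - one device answers for both gateways (the IP Alias VIP case)
#   different - separate gateways (the alternate-gateway floating rule case)
#   unknown   - at least one gateway has no resolved ARP entry yet
compare_gateways() {
    if [ $# -ge 3 ]; then
        mac1=$(gw_mac "$1" "$3"); mac2=$(gw_mac "$2" "$3")
    else
        mac1=$(gw_mac "$1"); mac2=$(gw_mac "$2")
    fi
    if [ -z "$mac1" ] || [ -z "$mac2" ]; then
        echo unknown
    elif [ "$mac1" = "$mac2" ]; then
        echo same
    else
        echo different
    fi
}

# Demonstration on the constructed table above.
compare_gateways 192.0.2.1 198.51.100.1 "$SAMPLE_ARP"
```

With no third argument, `compare_gateways <gw1> <gw2>` reads the live ARP table, so both gateways need a resolved entry before the result means anything.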

                • A
                  asdf1nit @jimp
                  last edited by asdf1nit

                  @Derelict @jimp thanks for that feedback. I'll try as you suggest and report back.

                  I had another conversation with a friend last night and came up with 3 other possible solutions as well.

                  1. Ask the ISP for addresses in the same block with the same gateway (preferably in our original address space). I asked this yesterday and am waiting for a response. This is as @Derelict said.

                  2. If the above isn't possible, can they tag the new gateway and I could add a VLAN subinterface on the WAN. Not sure this is possible in pfSense as I haven't had time to investigate.

                  3. Add a dumb switch in front of my firewall and split their connection into 2 connections and use another interface on my box for the new gateway and IP's.

                  While scenario 1 is the most desirable, anyone see problems with 2 or 3?

                  We've had our public IP for over 10 years and while I could just get a block of them all together we would like to keep our existing.

                  That being said, since our existing is a 173 in a 24 block and the new ones are 208 in a 24 block, it's obvious that our ISP is trying to conserve IP's by using 24's and not splitting the blocks up into smaller 28, 29 or 30's. Why make 30's and limit the customers they can handle to 64 instead of 254... So I'm thinking our primary IP block is probably full, which makes me think I'll be looking to solution 2, 3 or the above as jimp stated.

                  And there's no particular reason we would like to keep our existing IP, other than we've had it a long time...

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.