Hardcoded IP address redirection

JKnott

@shawty said in Hardcoded IP address redirection:

@JKnott ok so let me just make sure I've got this right.

1. In pfSense, create a vlan using "interfaces>assignments->vlans"
2. in hyper-v set up my virtual server to have an ip address EG: 10.0.0.1
3. in hyper-v server create a virtual switch and set it's network to be something like 10.0.0.1/30 and give it a vlan tag
4. in pfSense create a route to go from 5.6.7.8 to 10.0.0.1 using "system->routing"
5. in pfSense create a static route to go from 5.6.7.8 to 10.0.0.1 using (Iv'e yet to find the static route menu)

???

That's the general idea. I find the best way to learn something is to try it and then ask here if any issues turn up.

shawty

@JKnott Yea I find that too, but in this case I have to be careful I don't kill the pfSense setup as I have other users who rely on it's connectivity too, I also have some public facing sites of my own that are forwarded from WAN -> LAN accessible to some of my clients, so I've got to tread a little carefully here :-)

I'm currently reading a load of different posts on different aspects of pfSense.

Cheers
Shawty

viragomann

@JKnott said in Hardcoded IP address redirection:

Does pfSense support LAN to LAN NAT?

No, but you can NAT between different internal interface like LAN1 <> LAN2.

viragomann

@shawty said in Hardcoded IP address redirection:

So are you saying that I don't actually need Vlans here then?

You need VLAN anyway. NAT only works between different networks.

shawty

@viragomann said in Hardcoded IP address redirection:

@shawty said in Hardcoded IP address redirection:

So are you saying that I don't actually need Vlans here then?

You need VLAN anyway. NAT only works between different networks.

Question: Can I make one interface on pfSense have 2 different IP addresses? For example in the windows machine I type this on, I only have one physical NIC, but I have an adress in the 192.168.17.0/24 network and an address in the 192.168.40.0/24 network on it (The lights out controllers for my servers are all in the 40 subnet)

JKnott

@viragomann said in Hardcoded IP address redirection:

No, but you can NAT between different internal interface like LAN1 <> LAN2.

Then you're back to basic routing with no need for NAT.

NAT has become a curse on networking, because so many think it's the normal or even proper way to do things. Why use it, when it's not necessary, as in this case???

JKnott

@shawty said in Hardcoded IP address redirection:

Question: Can I make one interface on pfSense have 2 different IP addresses?

Yes, you can create an alias, but it won't fix the problem. When a packet for that network hits pfSense, it will see that the destination is on the same wire and send out an ICMP redirect saying to go to that destination directly and don't bother him.

viragomann

@shawty said in Hardcoded IP address redirection:

Can I make one interface on pfSense have 2 different IP addresses?

Firewall > Virtual IPs
Add additional IPs here, use type "IP alias".

shawty

@JKnott oh, of course..... (Slaps Self) it's exactly the same reason why you get backhaul redirects if you try to bind two MSC's to the same interface on an SGSN node inside the BSS subsystem on a GSM network.

Makes total sense how the Vlan's come into play now... I was so busy thinking about this from a pfSense/PC point of view that I never stopped to think about the parallels of how I would do it on a GSM setup.

Right then, off I shall go and give all this a try then.....

You'll know if it didn't work, you'll see a mushroom cloud go up over north east England :-)

Cheers
Shawty

JKnott

@shawty said in Hardcoded IP address redirection:

You'll know if it didn't work, you'll see a mushroom cloud go up over north east England :-)

I thought that was the Russian nuclear sub that caught fire the other day.

shawty

PS: I'll report back once I have any more to say ....

Thanks all for your help so far.