Netgate Discussion Forum

    MultiWAN pfsense routing

    General pfSense Questions
      ros81 @Derelict

      @Derelict thanks.. I have created virtual ip.

      I talked to the ISP, and they do dhcp reservation (MAC binding)... Is there any workaround to get around this issue?

        Derelict LAYER 8 Netgate

        Not really. They need to figure out that is stupid. It sounds like the service you purchased is locked down to connecting one IP address per MAC address. That is dumb. See if they can give you a proper subnet.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          stephenw10 Netgate Administrator

          Mmm, if you can only use the IPs directly and they require a different MAC for each IP your options are limited.

          If you have one or two public IPs there are some workarounds you might use, but for more than that you will have to bridge the WAN to another interface and use the IPs directly on hosts connected to it. You can still filter traffic to/from them in that scenario.

          Steve

            ros81 @stephenw10

            @stephenw10 yea... They need a MAC for each IP. We have 5 IPs from the same subnet. But I just need 3 public IPs, one being the pfSense IP. What's the workaround? The pfSense is bridged to the ISP router.

              stephenw10 Netgate Administrator

              I don't think you can do three. You can add a single interface bridge and set a MAC on that.

              You will have to bridge it to another interface and use them directly.

              Steve

                ros81 @stephenw10

                Thanks @stephenw10.. Logically speaking, if adding the interface cards for the other connections to connect to the other public IPs, do they leave those connections on the DMZ? Or can I still monitor/control the traffic? Can I interact with that LAN from the other LAN?

                Is there a document I can refer to?

                  stephenw10 Netgate Administrator

                  The only document is probably this:
                  https://docs.netgate.com/pfsense/en/latest/book/firewall/methods-of-using-additional-public-ip-addresses.html#bridging

                  You can still filter the traffic between the actual WAN and the bridged segment even though they are in the same subnet. So you don't have to have those IPs exposed and you can control what they can connect to.
                  You can connect to them from the LAN just like any subnet connected to the firewall.

                  Steve

                    Derelict LAYER 8 Netgate

                    Or just get a circuit that is properly-provisioned for your use case.

                      stephenw10 Netgate Administrator

                      Yeah, do that if it's an option for you. Bridging should always be a last resort.

                        ros81 @stephenw10

                        Ok.. I'll give it a try. Thanks guys..

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.