Multi-WAN with same Gateway
-
Dear Guys,
I have one router with multiple static IPs. So, how can I use the same gateway and the same subnet for multiple interfaces?
Example:
Interface-01: 10.0.0.212/24 - GW:10.0.0.2
Interface-02: 10.0.0.213/24 - GW:10.0.0.2
Interface-03: 10.0.0.214/24 - GW:10.0.0.2
Thanks and waiting your kind reply -
That cannot be done. How should pfSense know which interface to use to pass traffic to that gateway?
Since all your IPs are within the same subnet, assign them all to one interface. One as primary interface address and the others as virtual IP of type "IP alias".
-
@viragomann said in Multi-WAN with same Gateway:
Since all your IPs are within the same subnet, assign them all to one interface. One as primary interface address and the others as virtual IP of type "IP alias".
Thanks @viragomann for your reply. Can you explain in detail, or give instructions on how I can do it? It's not clear to me.
Thanks -
@mohkhalifa
Just assign 10.0.0.212/24 to the interface and set the gateway. For the virtual IPs go to Firewall > Virtual IPs, hit Add, select type "IP Alias" and the interface you've assigned the static IP to before. Enter 10.0.0.213 as the address and select the correct mask, enter a description if you want and save it.
Assign the third IP in the same way. -
Thanks @viragomann for your reply. I did what you mentioned BUT at the end I want to create a firewall rule for a specific server in my LAN to go through this V-IP, or to choose it from the gateway drop menu in the advanced rule options.
-
@mohkhalifa said in Multi-WAN with same Gateway:
BUT at the end I want to create a firewall rule for specific server in my LAN to go through this V-IP
You're talking about outbound connection, I guess?
@mohkhalifa said in Multi-WAN with same Gateway:
or to choose it from the gateway drop menu
You have only one unique gateway you stated above. So there is no option to choose different.
What are you trying to achieve with that? -
@viragomann said in Multi-WAN with same Gateway:
What are you trying to achieve with that?
My router has 3x Static IPs and I want to use them in my LAN. my router Multi-NAT configuration as I mentioned above 1:1 (Public IP = Private IP). So, I understand that I can't use the same gateway for the same subnet. So, I need a way to add them to pfSense and add a firewall rule to pass my traffic through these static IPs.
Example:
VPN= Static IP 1
Exchange= Static IP 2
Web-server= Static IP 3 -
@mohkhalifa said in Multi-WAN with same Gateway:
my router Multi-NAT configuration as I mentioned above 1:1 (Public IP = Private IP). So, I understand that I can't use the same gateway for the same subnet.
You only mentioned static IPs above. Can't see what you're trying to achieve with it.
@mohkhalifa said in Multi-WAN with same Gateway:
Example:
VPN= Static IP 1
Exchange= Static IP 2
Web-server= Static IP 3
Assuming these are the IPs you stated and you have already assigned them to the WAN interface as suggested, you can now add NAT 1:1 rules to these IPs:
Go to Firewall > NAT > 1:1 and add a new rule:
Interface: WAN
External subnet IP: 10.0.0.212
Internal IP: single host > e.g. 192.168.64.5
Destination: any
So pfSense forwards traffic on WAN side with 10.0.0.212 as destination to 192.168.64.5, while outbound from 192.168.64.5 gets 10.0.0.212.
However, consider that this NAT rule does not permit any traffic; you also need to add firewall rules to allow traffic to the destination 192.168.64.5 (you must use the internal IP).
-
Thanks @viragomann for your care. I did it but in another way.
-
Nice....would you mind sharing?
-Rico
-
@rico said in Multi-WAN with same Gateway:
Nice....would you mind sharing?
-Rico
1- You must have a router with a Multi-NAT option
2- You have to configure 1:1 Multi-NAT in your router with any IPs from your router's subnet
ex:
WAN IP-01 x.x.x.x = 192.168.1.11
WAN IP-02 x.x.x.x = 192.168.1.12
WAN IP-03 x.x.x.x = 192.168.1.13
3- If needed, forward the ports for the IPs we already made in step 2 and at the same time allow the ports from the router's interface in pfSense
4- Create a Virtual IP for each IP we already made in the Multi-NAT configuration "Private IPs".
5- Create pfSense 1:1 NAT rules for each private IP to our desired Local Server IP
ex:
Private IP 192.168.1.11 = Local Server IP 172.16.10.11
Private IP 192.168.1.12 = Local Server IP 172.16.10.12
Private IP 192.168.1.13 = Local Server IP 172.16.10.13
6- Create a firewall LAN rule to pass the traffic, and you MUST choose the gateway for the interface we are working with.
7- Check the firewall rules for opened ports in the router's interface we allowed in step.
That's all
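
An added example, not part of any post in this thread and not pfSense code: a small Python model of the point made above that a 1:1 NAT entry permits nothing by itself and that the WAN pass rule must name the internal IP, because the destination is rewritten before the rules are checked. The class and function names are hypothetical, matching is simplified to single hosts and exact ports, and the second mapping and both rules are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OneToOne:          # one Firewall > NAT > 1:1 entry (single host)
    external: str
    internal: str

@dataclass(frozen=True)
class PassRule:          # one pass rule on the WAN tab
    dst: str
    proto: str
    port: int

# Constructed sample config; the first mapping uses the thread's addresses.
NAT = [OneToOne("10.0.0.212", "192.168.64.5"),
       OneToOne("10.0.0.213", "192.168.64.6")]
RULES = [PassRule("192.168.64.5", "tcp", 443),   # written against the internal IP
         PassRule("10.0.0.213", "tcp", 25)]      # written against the external IP

def inbound(dst, proto, port, nat=NAT, rules=RULES):
    """Return (verdict, destination after NAT) for a packet arriving on WAN."""
    # The 1:1 entry rewrites the destination first ...
    dst = next((n.internal for n in nat if n.external == dst), dst)
    # ... then rules are checked against the rewritten address; default is block.
    hit = any((r.dst, r.proto, r.port) == (dst, proto, port) for r in rules)
    return ("pass" if hit else "block", dst)

def outbound_source(src, nat=NAT):
    """External address a 1:1-mapped host leaves with (None if unmapped)."""
    return next((n.external for n in nat if n.internal == src), None)

def audit(nat=NAT, rules=RULES):
    """List rules aimed at an external 1:1 address and mappings with no pass rule."""
    externals = {n.external: n.internal for n in nat}
    allowed = {r.dst for r in rules}
    findings = [f"rule to {r.dst}:{r.port}/{r.proto} never matches; use {externals[r.dst]}"
                for r in rules if r.dst in externals]
    findings += [f"{n.external} -> {n.internal} has no pass rule; inbound is blocked"
                 for n in nat if n.internal not in allowed]
    return findings

if __name__ == "__main__":
    print(inbound("10.0.0.212", "tcp", 443))
    print(inbound("10.0.0.213", "tcp", 25))
    print("\n".join(audit()))
```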