Netgate Discussion Forum

    Multi WAN: Public IP overlap error on Hetzner hosting

      tharun518

      I have the following setup on a Hetzner hosting server.

      Hyper-V Host (Physical) -> pfSense -> WebServer 1, WebServer 2, WebServer 3 (Internal Network)

      In Hyper-V I have two switches, one connecting to the external network and another for an internal-only network. The VMs are on the internal network with 192.168.1x range. Since each server hosts websites, I have to assign different public IPs to each server. For this I use pfSense to NAT ports 80/443 to the internal IPs. Basically, pfSense is placed in the middle of the public and private networks.

      The problem I am having is with the public IPs assigned by my provider. Each IP has a unique MAC address. So the only option for me is to configure a separate network interface for each IP on the pfSense. The network configuration looks like this.

      1. LAN - 192.168.1.1
      2. WAN - xx.xx.xx.100
      3. OPT1 - xx.xx.xx.101
      4. OPT2 - xx.xx.xx.102

      The problem is that the public IPs all have a common gateway and are part of the same /16 network. So when I try to manually configure them I get an overlapping subnet error.

      Anyone able to suggest a solution? I can't use the virtual IP feature since each IP has a unique MAC address.

        KOM @tharun518

        @tharun518

        Multiple WANs sharing a single gateway IP

          tharun518 @KOM

          @kom Thanks for the article.

          I am already using NAT rules for each interface. The problem is I can't configure the IPs on the interface. It gives the overlapping subnet error. So can't proceed further.

            KOM @tharun518

            @tharun518 I think they mean that you have to have something in front of your OPT interfaces performing the NAT for you on traffic before it hits your OPTs to stop that overlap error.

              tharun518 @KOM

              @kom I wonder how I could implement it virtually on Hyper-V.

              I kind of got a workaround. I can use the DHCP option and it automatically configures the IP and gateway. The problem is that, due to multiple gateways, connectivity is not working. But I found that if I add the additional interface after configuring WAN, it works. It will default to the WAN gateway until reboot.

              I am still wondering if there is an official solution to this problem.

                viragomann @tharun518

                @tharun518
                Do some searches here or on the internet. You are certainly not the first one who runs pfSense on Hetzner with multiple public IPs.

                It seems quite strange to me that the provider requires the correct MAC for each IP to talk to it. If that is not the case, you could simply add the second and other IPs as IP Alias to a single interface.

                  tharun518 @viragomann

                  @viragomann I also thought the same. I have been searching on Google for the past few days, but haven't found anything close to my scenario. Hence, I thought to post it here.

                    KOM @tharun518

                    @tharun518 Can you go back to Hetzner and ask why this is, and if they have a solution? Like viragomann, I have not seen an ISP that forces specific MAC addresses on its IPs.

                      tharun518 @KOM

                      @kom I have asked them. Their solution is to purchase an entire subnet (6 IPs) but I need only 2. For subnet they can route it to a main IP without need for a subnet.

                      I think most hosting providers use MAC binding. OVH allows reusing the same MAC. So this allows using the same WAN interface and a virtual IP.

                        viragomann

                        @tharun518
                        A quick search here drew this German thread: https://forum.netgate.com/topic/58492/multiple-wan-esxi-5-1-bei-hetzner-pfsense-2-03-nicht-mehr-erreichbar/8

                        The guy got it solved by configuring the first interface with the correct mask and the default gateway, and setting the mask of the others to /32 and the gateway to none.
                        So they don't overlap and all use the default gateway.

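The workaround relayed in the post above (first interface with the real mask and the default gateway, the others as /32 with gateway none), as an added example that is not part of the thread and not pfSense's code. It models the overlap check on the assumption that two interfaces are compared under the longer of their two prefix lengths; the function names and the 198.18.0.x addresses are constructed placeholders for the thread's xx.xx.xx.100-102.

```python
import ipaddress

def overlaps_at_longest_prefix(cidr_a, cidr_b):
    """Assumed model of the overlap check (not pfSense's code): mask both
    addresses with the longer of the two prefixes and compare the networks."""
    a, b = ipaddress.ip_interface(cidr_a), ipaddress.ip_interface(cidr_b)
    bits = max(a.network.prefixlen, b.network.prefixlen)
    net_a = ipaddress.ip_network(f"{a.ip}/{bits}", strict=False)
    net_b = ipaddress.ip_network(f"{b.ip}/{bits}", strict=False)
    return net_a == net_b

def validate(plan):
    """plan: {name: (address/prefix, gateway or None)} -> list of problems."""
    problems = []
    names = list(plan)
    # Pairwise overlap check across all interfaces.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if overlaps_at_longest_prefix(plan[a][0], plan[b][0]):
                problems.append(f"{a} overlaps {b}")
    # The workaround keeps the gateway on one interface only.
    gateways = {n: gw for n, (_, gw) in plan.items() if gw}
    if len(gateways) != 1:
        problems.append(f"expected exactly one gateway, found {len(gateways)}")
    # A configured gateway must be reachable inside that interface's subnet.
    for name, gw in gateways.items():
        net = ipaddress.ip_interface(plan[name][0]).network
        if ipaddress.ip_address(gw) not in net:
            problems.append(f"{name}: gateway {gw} is not inside {net}")
    return problems

# Constructed placeholder addresses standing in for the thread's public IPs.
GATEWAY = "198.18.0.1"
ORIGINAL_PLAN = {  # every interface with the provider's /16 and the shared gateway
    "WAN": ("198.18.0.100/16", GATEWAY),
    "OPT1": ("198.18.0.101/16", GATEWAY),
    "OPT2": ("198.18.0.102/16", GATEWAY),
}
WORKAROUND_PLAN = {  # first interface keeps mask and gateway; the rest are /32, gateway none
    "WAN": ("198.18.0.100/16", GATEWAY),
    "OPT1": ("198.18.0.101/32", None),
    "OPT2": ("198.18.0.102/32", None),
}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("workaround", WORKAROUND_PLAN)):
        print(label, validate(plan) or "no problems")
```

Under strict containment the /32 addresses still fall inside the WAN's /16, so the clean result for the workaround depends on the comparison being made at the longer prefix, which is the assumption stated above.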
                          tharun518 @viragomann

                          @viragomann I think you posted the wrong link.

                          It seems to be a good solution. I will give it a try later.

                            viragomann @tharun518

                            @tharun518
                            Corrected it.
