1. Home
  2. pfSense® Software
  3. Firewalling
  4. 2 Wan Subnets on same gateway

2 Wan Subnets on same gateway

  • S

    Hello everyone,

    Have a weird issue I cant seem to resolve or find any help with by searching.  I'm on PfSense 2.3.2 latest.  My ISP gave me a /30 to start with.  I have that working fine.  I just requested a /28 and received that..  However, the /28 is being statically routed by the ISP to my /30 IP.  Did not think this would be an issue but I can seem to get anything on the /28 to pass traffic to pfsense.  I have setup a wide open 1:1 Nat for a server in my lan and I don't even see anything in the firewall rules that show it's being attempted.  But if I packet capture I can see it is trying.

    ANY help at all would be great..  here is what I have tried so far.

    VIP on 2 different IP's in the /28 (not the first or last) have tried both Alias and Proxy ARP
    Setup 1:1 Nat on WAN int to the internal IP.
    Firewall rule allowing ALL to pass to the internal Lan address.

    I have also tried a simple port forward and still nothing in the logs..

    I am guessing there is something I am missing due to the ISP static routing the new subnet to the /30 IP.  I am just at a loss right not what it might be..

    Anyone have any ideas??

    Thanks
    Scott

    0
  • H

    I have zero background in this, but you don't route to an IP, you route to a Layer 2 device. In this case, the IP packet will contain the MAC address of your WAN interface, which so happens to have two subnets assigned, and the IP address of the Destination IP. The Destination IP should never change except when going through a NAT.

    I guess I'm not quite sure what you mean by

    the /28 is being statically routed by the ISP to my /30 IP

    0
  • johnpoz
    LAYER 8 Global Moderator

    If they routed the /28 to you then you can put the /28 behind pfsense and you don't need to nat, only firewall.  You would not setup a 1:1 nat in such a scenario..

    0
  • S

    "If they routed the /28 to you then you can put the /28 behind pfsense and you don't need to nat, only firewall.  You would not setup a 1:1 nat in such a scenario.."

    Johnpoz,

    Thanks for the reply..  I am not sure what you mean "behind pfsense"  Behind like the LAN??

    Thanks
    Scott

    0
  • johnpoz
    LAYER 8 Global Moderator

    yes behind like any other subnet that is not a wan. Traffic would route and be firewalled through pfsense but not natted.  If you still want to nat that you could create those IPs as Vips on on the wan interface they are routed too and nat them that way.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy