Separate VLANs to different WAN IPs



  • Hello,

    I'm planning a case for a customer and need to reason with you about the solution I'm considering. Their wish is to separate traffic from their staff and guests on different external IPs, just for legal purposes in case someone decides to do something illegal. It's basically a case of plausible deniability I guess, but it's not my place to question their wishes.
    Anyway, to make this happen they will need 2 IPs from their ISP, check. And they will need VLANs on the LAN side, check. And they need a good router to pull the config off, check (pfSense, what else!). But how to configure the pfSense? Help me out!

    VLAN 100: 172.16.0.0/24
    VLAN 200: 10.10.10.0/24
    WAN IP 1: 155.4.14.49
    WAN IP 2: 155.4.14.50
    WAN GW: 155.4.14.48

    First step would be to configure WAN with one of the IPs and get the basics working. Then enter the second IP in Virtual IPs as an IP Alias. But how to proceed after that? Both WAN IPs use the same gateway, so a simple static route will not cut it. Outbound NAT? Firewall rules?

    Any help appreciated!



  • bump  ???



  • You could try with specific outbound NAT rules (I've never attempted such pointless things)

    example:
    src: VLAN100_subnet
    dst: *
    nat address: virtual_ip
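
The outbound NAT approach suggested above can be checked offline before the rules go live. The following is an added example, not code from the thread or from pfSense: it models a rule table as first-match (source network, NAT address) pairs and reports any VLAN whose hosts would not leave from exactly one address of their own. The rule model, the function names, and the choice of which VLAN maps to which of the thread's two WAN addresses are assumptions.

```python
import ipaddress

# Addresses are from the thread; which address is the interface address and
# which is the IP Alias, and which VLAN maps to which, are assumptions.
WAN_ADDRESS = "155.4.14.49"
VIRTUAL_IP = "155.4.14.50"
VLANS = {"VLAN100": "172.16.0.0/24", "VLAN200": "10.10.10.0/24"}

# Hypothetical model of the outbound NAT table: (source network, NAT address),
# evaluated top-down with the first match winning.
RULES = [
    ("172.16.0.0/24", VIRTUAL_IP),
    ("10.10.10.0/24", WAN_ADDRESS),
]


def egress_address(src_ip, rules):
    """Return the NAT address of the first rule matching src_ip, or None."""
    ip = ipaddress.ip_address(src_ip)
    for network, nat_address in rules:
        if ip in ipaddress.ip_network(network):
            return nat_address
    return None  # no rule in this table matched


def audit(vlans, rules):
    """List every way the rules fail to give each VLAN its own WAN address."""
    findings, owner = [], {}
    for name, subnet in vlans.items():
        hosts = ipaddress.ip_network(subnet).hosts()
        used = {egress_address(str(h), rules) for h in hosts}
        if None in used:
            findings.append(f"{name}: some hosts match no rule")
        if len(used) > 1:
            findings.append(f"{name}: hosts leave from more than one address")
        for addr in sorted(a for a in used if a is not None):
            if addr in owner:
                findings.append(f"{name}: shares {addr} with {owner[addr]}")
            owner.setdefault(addr, name)
    return findings


if __name__ == "__main__":
    for line in audit(VLANS, RULES) or ["each VLAN has its own WAN address"]:
        print(line)
```

A source mask that is too narrow, or a catch-all rule placed above the specific ones, shows up here as a finding instead of as guest traffic leaving from the staff address.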



  • @heper:

    You could try with specific outbound NAT rules (I've never attempted such pointless things)

    example:
    src: VLAN100_subnet
    dst: *
    nat address: virtual_ip

    Thank you, that seems like an easy approach. I'll try that!



  • Hey Phatsa,

    Did you figure out the configuration?

    We would like to do something similar – slightly different reason. We want to have two companies on one ISP connection and one pfSense box that will do traffic shaping.

