ISP Router (not modem) Secondary WAN IP with pfSense



  • Hello,

    I am trying to use pfSense at work to do the following:

    • Monitor each host traffic speed to see who is consuming the bandwidth
    • Speed limit some hosts
    • Use squid cache to cache frequently downloaded contents (documents, programs and windows updates)
    • On a later stage if I succeeded in doing all above.. hopefully I would control who can access the network physically (e.g. manual IP assignment through a cable).

    My network before pfSense is relatively simple, an ADSL router from my ISP that has a DHCP enabled which distributes private IPs 192.168.1.0/24 and all of them go online using the same WAN IP. Also this router is configured to use a secondary WAN IP. I use this secondary WAN IP by assigning it manually to a Windows OS host that is running an ERP software. The rest of network hosts like my PC go online using the primary WAN IP (behind the private IP assigned from the ISP router's DHCP). All of them are connected to the same switch.

    Using this router I am able to do portforward on the primary WAN IP to access some services on different hosts (Debian server, NAS, Virtualbox..etc.). Through the secondary WAN IP I can access services on the Windows OS ERP host only mentioned earlier (they are too many to be forwarded, a dedicated IP is a must).

    I have a basic knowledge about networking, so before trying pfSense, I read articles, books and watched videos about this very powerful piece of work. Then I began the implementation. Still terms like static routes, VPN and CARP …etc. freaks me out. But I am trying.

    All went well except the use of a secondary WAN IP. The Windows ERP host goes offline; it doesn't send or accept connections at all.

    My pfSense implementation is WAN interface that is DHCP configured and connected directly to the router. A LAN interface that is connected directly to the ethernet switch.

    Any suggestions to make the secondary WAN IP online and accept connections? Without compromising the purposes mentioned above.

    Thanks in advance


Log in to reply