Multi Wan routing specific private ip



  • Is there a way to route a particular private IP to use a different WAN address other than the default one? I'm sure there is, but I'm still green on the product. If I can have just one firewall for my servers it would be awesome, then I can just the correct ports needed, etc.



  • You just create a firewall rule on the LAN. Set the source to the IP of the machine and specify the gateway. Make sure the rule is before the Default LAN > Any rule.



  • I have 5 IPs, only using 3 of them, but they're all in the same IP range, so when I attempt to select a gateway the numbers are all the same, because of being in the same range. I have, however, attempted to go through those gateways, each time applying and checking what public IP I'm using to go through to the internet, and it always comes back the same.



  • So you don't actually want multi-WAN, but to have outbound traffic leave via a different IP.

    Create VIPs for your additional IPs and enable Advanced Outbound NAT.
    Then change the auto-created rule to use this VIP for NAT instead of the default WAN address.



  • Yeah, that sounds like what I'm more after. Are you able to share a little more detail? I understand VIP as virtual IP etc., but when I attempted to follow what you said, it crashed pfSense, heh, and I had to reboot the system.



  • Or maybe I didn't explain myself enough. However, I have tried both. I'll try re-explaining myself :)

    I have 5 public IPs available. What I would like to do is have pfSense handle all of them and route appropriate LAN traffic (individual IPs) to different WAN IPs (public). I've given both of your suggestions a go. With the first one I managed to freeze pfSense up to the point of needing to rebuild, heh, and the latter wasn't as effective as the first, where pfSense does continue to run but without any accomplishments, so the VIPs are sitting there with AON turned on, etc.



  • I have never seen pfSense crash, or 'freeze to the point of needing rebuild' (whatever that means) from adding a firewall rule or turning on AON. The instructions you received were correct for what we could guess you were trying to do. You should open a new thread in either the NAT or the VIP forum and provide complete details as to what your configuration is, what you are trying to do, and what is not working as expected.



  • I've been given 5 IPs from my ISP, all in the same subnet. What I would like to do is set up 2 IPs for load balancing. I have attempted to load balance with instructions, but it could be a problem too when I choose the gateway for failover, as the gateways are all the same.

    And the other 3 are for a web server, mail server and something else. Each of these servers is on my private network. What I would like to achieve is routing each internal IP number for each server to a different public IP address.

    At the end of the day, managing one firewall is far more efficient than having a firewall for each public IP. NIC cards are not a problem; the pfSense box is sitting with 6.



  • As said before: you don't need load balancing.
    Load balancing is when you have multiple WANs.
    Since you have a single WAN with multiple IPs, load balancing would not make much sense.

    What would make sense in "some" cases is having different IPs for outbound NAT.

    i.e.:
    office 1 IP x
    office 2 IP y
    office 3 IP z
    etc.

    I don't see any benefit with load balancing in the sense that you randomly have a different source IP with outbound traffic.
    (Not to mention that it's currently not possible to have the same gateway multiple times for different WANs.)



  • OK, so I set up VIPs with the public IPs.

    I attempted to do Advanced Outbound NAT with:

    Interface: WAN
    Source: Network
    Address: 192.168.0.200 / 24

    Translation: desired VIP public IP

    However, on clicking save,

    the NAT rule defaults instead from 192.168.0.200 to 192.168.0.0.

    I thought this way could allow set IPs?



  • Please show a screenshot of your VIP-page and the AoN page.



  • Here are the screenies.

    Thanks in advance, and apologies if I misunderstood your walkthrough.






  • The rules are on a first-match basis.
    Your second rule never gets applied, because if the source is 192.168.0.200/30 it will always be NATed to 202.170.167.90.
    You can also delete either the 3rd or 4th rule.

    I suppose you have separate IPs for
    "Web,Ns"
    and
    "Mail,Ns2"

    Set in the source the actual IP of these servers and as subnet /32 (single host).
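
An added example, not part of the thread: a small Python model of first-match outbound NAT evaluation, showing why mask 24 turns 192.168.0.200 into 192.168.0.0 and why a /30 source hides a later rule. The .201 server address and the 203.0.113.x public addresses are constructed placeholders, and the model matches on source only (no interface, port or destination).

```python
import ipaddress

def rule(source, nat_ip, descr):
    # strict=False masks off the host bits, which is why 192.168.0.200 with
    # mask 24 is stored as 192.168.0.0/24 and then matches the whole LAN.
    return {"src": ipaddress.ip_network(source, strict=False),
            "nat": nat_ip, "descr": descr}

def translate(rules, host):
    """Return the NAT address of the first rule whose source contains host."""
    addr = ipaddress.ip_address(host)
    for r in rules:
        if addr in r["src"]:
            return r["nat"]
    return None  # no outbound NAT rule matched

def shadowed(rules):
    """Descriptions of rules that can never match because one earlier
    rule's source already covers every address in theirs."""
    dead = []
    for i, r in enumerate(rules):
        if any(r["src"].subnet_of(e["src"]) for e in rules[:i]):
            dead.append(r["descr"])
    return dead

# Constructed rule sets. "Before" uses the /30 source discussed above;
# "after" uses one /32 (single host) source per server.
BEFORE = [
    rule("192.168.0.200/30", "202.170.167.90", "Web,Ns"),
    rule("192.168.0.201/32", "203.0.113.11", "Mail,Ns2"),   # assumed server IP
    rule("192.168.0.0/24", "203.0.113.1", "LAN default"),   # placeholder WAN IP
]
AFTER = [
    rule("192.168.0.200/32", "202.170.167.90", "Web,Ns"),
    rule("192.168.0.201/32", "203.0.113.11", "Mail,Ns2"),
    rule("192.168.0.0/24", "203.0.113.1", "LAN default"),
]

if __name__ == "__main__":
    for name, rs in (("before", BEFORE), ("after", AFTER)):
        print(name, "shadowed rules:", shadowed(rs))
        for h in ("192.168.0.200", "192.168.0.201", "192.168.0.50"):
            print("  ", h, "->", translate(rs, h))
```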



  • Yeah, it was a form of troubleshooting, trying to see if it was going out on a different IP :)

