    1 WAN w/multi internal GWs

    Routing and Multi WAN
    • theflu

      I don't know if this should be posted here or in NAT, please move if needed.

      I have 2 static IPs from my ISP. What I would like to do is have 2 internal gateways on my LAN, say 10.1.0.1 and 10.1.0.2. Depending on which GW the clients are set to, they would have one or the other static external IP. I would also like port forwarding to work with this, so I could have port 8080 forwarded on both external IPs but going to different internal IPs.

      WAN_IP_1 <--> LAN_GW_1 (10.1.0.1) <--> Clients
      WAN_IP_2 <--> LAN_GW_2 (10.1.0.2) <--> Clients

      I created a virtual IP alias for the 2nd external on the WAN interface. Did the same for 10.1.0.2 on the LAN interface and setup 1:1 NAT between the 2. All the traffic is still using the first external IP.

      • Derelict (Netgate)

        There isn't any way for the firewall to know which address on the LAN interface the inside host used as its gateway address. That information is not included in the packet. It all looks the same to the router.

        You could, however, put certain hosts in certain LAN address ranges and set the outbound NAT address based on the source addresses.

        The port forwarding you can do without doing anything special. Just make two port forwards: one with one WAN address as the destination address and the desired inside NAT address, then the same with the other.

        I don't see any use case for 1:1 NAT here unless you're only talking about two inside hosts.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • theflu

          First off, thank you.

          I got this to work with the steps below:
          1. Add the 2nd WAN IP as an alias to the WAN interface
          2. Set outbound NAT to manual
          3. Create an outbound NAT rule to make specific client IPs use the 2nd WAN IP
              Interface: WAN
              Source: 10.1.0.100/32
              Translation>Address: 2nd WAN IP
          4. Reboot pfSense

          Issues I had:
          1. Couldn't specify a specific range. Had to use bits.
          2. The changes wouldn't take effect until I rebooted the firewall. It was still using the original IP after the rules were applied. I even tried clearing all the states and that didn't work.

          • Derelict (Netgate)

            Yeah you don't have to reboot for that. Not sure what you were seeing.

            You could make a host alias using an address range and use that for the source address, but it is generally better to just do things like that within specific subnets so you can just use a CIDR netmask in one rule.

            • theflu

              I created the host alias for the range I wanted but when I am creating the outbound NAT entry the only options for source are Any, This Firewall or Network.

              • Derelict (Netgate)

                Use network and put the alias in the network field.

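For readers who want to see what the GUI steps in this thread (manual outbound NAT keyed on source address, a host alias in the Network field, and two port forwards on the two WAN addresses) amount to underneath, here is the equivalent pf ruleset. This is an added illustration, not configuration from the thread or from pfSense itself; the addresses 203.0.113.10/.11, the interface name em0, the table name and the inside hosts are all assumed.

```pf
# Added illustration (not from the thread): the pf rules behind the GUI steps.
# Assumed: 203.0.113.10 = primary WAN IP, 203.0.113.11 = 2nd WAN IP (the one
# added as a Virtual IP alias on WAN), LAN = 10.1.0.0/24, WAN interface = em0.
wan     = "em0"
wan_ip1 = "203.0.113.10"
wan_ip2 = "203.0.113.11"

# Equivalent of a host alias: the inside hosts that should egress via the 2nd
# WAN IP. A "Network" source pointing at an alias compiles to a table like this,
# which can hold single hosts and CIDR blocks, so no single netmask is needed.
table <wan2_hosts> { 10.1.0.100, 10.1.0.101, 10.1.0.128/25 }

# Outbound NAT (manual mode). pf applies the first matching nat rule, so the
# specific rule for <wan2_hosts> must come before the catch-all for the LAN.
nat on $wan from <wan2_hosts> to any -> $wan_ip2
nat on $wan from 10.1.0.0/24  to any -> $wan_ip1

# Port forwards: the same public port on each WAN address, each sent to a
# different inside host. Nothing else is needed to make the two forwards coexist.
rdr on $wan proto tcp from any to $wan_ip1 port 8080 -> 10.1.0.10  port 8080
rdr on $wan proto tcp from any to $wan_ip2 port 8080 -> 10.1.0.100 port 8080

# Filter rules admitting the forwarded traffic; the filter sees the translated
# (inside) destination. No source port is set, per the advice in this thread.
pass in quick on $wan proto tcp from any to 10.1.0.10  port 8080
pass in quick on $wan proto tcp from any to 10.1.0.100 port 8080
```

On a plain pf host this loads with `pfctl -f` and needs no reboot, but the translation address is bound to a state when that state is created, so connections that already exist keep the old WAN IP until they expire or are flushed; check the effect with a fresh connection and `pfctl -s state`.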