pfSense Multiple static IPs each with its own WAN



  • Here is my situation:

    I have 5 static IP addresses.
    x.x.x.113 -> gateway
    x.x.x.114 -> address 1
    x.x.x.115 -> address 2
    x.x.x.116 -> address 3
    x.x.x.117 -> address 4
    x.x.x.118 -> address 5

    I have a Netgate XG-7100 pfSense box. I went through the initial setup of the Netgate box and it is up and running. I gave the Netgate the address x.x.x.114 with the gateway x.x.x.113. I am looking to set up multiple WANs on the Netgate box for addresses 2, 3, and 4 with all of them using the same gateway. I have one modem that I will run to the Netgate. Currently I have the modem plugged into ETH1 and my computer coming off ETH2.

    Is it possible for me to set ETH3 as a WAN, ETH4 as a LAN, ETH5 WAN, ETH6 LAN, ETH7 WAN, ETH8 LAN?

    The Virtual IPs are IP Aliases, each with one of the static IPs.

    The NAT 1:1 for each with their subnets x.x.10.x, x.x.20.x, etc.

    The outbound rule is set to "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)"

    At this point I am lost. I know I should configure the Interface assignment but I get an "address overlaps with the x.x.x.114" error.

    Can someone point me in the right direction and/or shed some light on what I am missing?

    Thank you in advance!



  • That makes no sense to me, and it is not possible to set it up that way.

    I don't know what you are trying to achieve with that.

    Your WAN addresses are within a common subnet. If you assign multiple addresses of a subnet to different interfaces, the routing won't work.
    If you configure the interfaces as /32 you cannot add the gateway.
    ???



  • What doesn't make sense?
    I want to configure the box with all 5 static IPs, each having their own subnet and all using the same gateway.
    I want my:
    Phones
    Production
    L.I. Honeypot
    Lab
    Development

    all to have their own static IPs.



  • @Grimlock:

    What doesn't make sense?

    Assigning the IPs of a single subnet to different NICs on a single device.

    @Grimlock:

    I want to configure the box with all 5 static IPs, each having their own subnet and all using the same gateway.
    I want my:
    Phones
    Production
    L.I. Honeypot
    Lab
    Development

    all to have their own static IPs.

    Yes, that's doable though.
    Assign one of the public IPs to the WAN interface and the others as IP Aliases to WAN.
    Use 1:1 NAT to set the incoming and outgoing NAT translations and you're fine.



  • Not sure how you got that I wanted to assign a single subnet to different IPs?

    In any event, I had done what you said already by creating the IP aliases and configured the 1:1 NAT.

    I am a little confused as to how this works?
    If ETH1 is my WAN and ETH2 - ETH8 are my LANs, then if I connect ETH3, ETH4 to one switch and have each line go to a separate VLAN,
    how does each know the static IP I want to use?

    I am sorry if I sound dumb or am not phrasing what I want to do correctly. I do appreciate the help!!



  • Obviously I misunderstood. Maybe a drawing of your network or of what you are trying to achieve could shed some light on this.


  • Netgate

    You probably want to look at this:

    https://www.netgate.com/docs/pfsense/solutions/xg-7100/switch-overview.html

    In particular, you want to take some of the ports off of VLAN 4091 (LAN) and put them on separate VLANs tagged through the uplinks to newly-assigned pfSense VLAN interfaces.

    You likely don't want 1:1 NAT because you can only 1:1 NAT one address to one other (hence why it is called 1:1).

    What you can do is create Outbound NAT rules so each subnet egresses from a different address.

    Inbound port forwards are controlled by which address the outside clients are told to connect to. Any outside address can be forwarded to any inside address.
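
The per-subnet egress plan from the last reply, as an added example that is not part of the original thread: it models manual outbound NAT as a top-down, first-match rule list and audits that every segment (the honeypot in particular) leaves from its own WAN address. The 203.0.113.x and 10.0.N.0/24 addresses are constructed stand-ins for the redacted x.x.x.114-118 and internal subnets, and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing: 203.0.113.114-118 stands in for the redacted
# x.x.x.114-118, and 10.0.N.0/24 for the per-segment internal subnets.
WAN_ADDRS = {f"203.0.113.{n}" for n in range(114, 119)}  # WAN IP + IP Aliases
SEGMENTS = {
    "phones": "10.0.10.0/24", "production": "10.0.20.0/24",
    "honeypot": "10.0.30.0/24", "lab": "10.0.40.0/24",
    "development": "10.0.50.0/24",
}
# Manual outbound NAT rules as (source network, translation address),
# evaluated top-down with the first match winning.
RULES = [
    ("10.0.10.0/24", "203.0.113.114"),
    ("10.0.20.0/24", "203.0.113.115"),
    ("10.0.30.0/24", "203.0.113.116"),
    ("10.0.40.0/24", "203.0.113.117"),
    ("10.0.50.0/24", "203.0.113.118"),
]

def egress_for(src_ip, rules):
    """Return the public address a source IP leaves from, or None if no rule matches."""
    ip = ipaddress.ip_address(src_ip)
    for net, translation in rules:
        if ip in ipaddress.ip_network(net):
            return translation
    return None

def audit(segments, rules, wan_addrs):
    """Return a sorted list of problems found in the outbound NAT plan."""
    findings, seen = [], {}
    for net, translation in rules:
        # A translation address must exist on WAN (interface IP or IP Alias).
        if translation not in wan_addrs:
            findings.append(f"{net}: {translation} is not configured on WAN")
    for name, net in segments.items():
        # Probe each segment with its first host address.
        probe = str(next(ipaddress.ip_network(net).hosts()))
        addr = egress_for(probe, rules)
        if addr is None:
            # In manual mode only the listed rules apply, so this segment is not NATed.
            findings.append(f"{name}: no outbound NAT rule")
        elif addr in seen:
            findings.append(f"{name}: shares {addr} with {seen[addr]}")
        else:
            seen[addr] = name
    return sorted(findings)
```

A broad rule such as 10.0.0.0/16 placed first would match every segment before its own rule is reached, which `audit` reports as shared egress addresses.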