4. Quick question about multiple public subnets on SG-5100

Quick question about multiple public subnets on SG-5100


  • Hey all:

    I just inherited a company that was using a Router Guard appliance (yuck), that I have just replaced with a SG-5100. I have a routed /29 subnet from their ISP working on the WAN interface and all of the public IP's are working fine through the 'Virtual IP' function. I just found out that there is also a different /28 public subnet assigned to this company as well which I need to integrate into the 5100.
    My question is, how do I add the additional /28? Do I just enter them as more Virtual IP's or do I need to do it differently? Any advice would be gratefully received.

    Rick

    0

  • I don't have a similar config but that is what I would try first. Create a VIP for one of the IPs in that /28 and then play with it to see if it works.

    0 1 Reply
  • LAYER 8 Global Moderator

    If these are routed to you - you can actually place the IPs on devices behind pfsense if you wanted too.. There is no need to use vips - unless you actually want to do it that way.

    0

  • @kom Worked perfectly! Man, I am falling in love with Pfsense!

    0

  • I spoke too soon. I can ping the new IP from the 5100 when I add a VIP but I can't reach it from outside the FW. I have modified the NAT rules to point to the new VIP but no action. Do I have to add another gateway on the wan address with the network address of the new subnet (206.248.147.128/28)?

    0

  • No you only need the one gateway. What are you trying to accomplish with the /28? Some port forwards?? Show your NAT rules.

    0
  • LAYER 8 Global Moderator

    If the /28 is routed to you - it should be routed to you over the same transit as your other network that is routed to you. You sure they are actually "routed" we get this a lot around here where they say routed be really the isp just gave them IPs that directly attached.

    0 1 Reply

  • @johnpoz I agree. I have reached out to the ISP to get the routing information for the /28 subnet. I am waiting for that info before I move on.

    0

  • All good now! ISP had second subnet incorrectly routed.

    0
  • LAYER 8 Global Moderator

    So you going to actually put the network behind pfsense or you going to just use vip?

    0 1 Reply

  • @johnpoz I like to NAT, so I will use VIP.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy