Netgate Discussion Forum

Adding an Additional subnet to the WAN interface

HA/CARP/VIPs
3 Posts 2 Posters 2.7k Views
    WarrickF
    last edited by Mar 2, 2009, 11:12 PM

    Hi All,

    I have a working setup with pfSense being used as an office firewall.

    I currently have a single subnet routed to the WAN interface and now need to have an additional subnet routed to the same WAN interface.

    Setting up Proxy ARP addresses works fine on the existing WAN subnet and I'm able to NAT back to internal IPs just fine.

    BUT - even though Proxy ARP seems to be working for the new subnet I've routed to the WAN interface, I can't get pfSense to NAT traffic back into the LAN network.

    I found this document that explains how to add additional subnets to the LAN interface - is this necessary in my situation?

    http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

    Thanks
    Warrick

      GruensFroeschli
      last edited by Mar 3, 2009, 9:30 AM

      Could you describe a bit better what you mean with "I can't get pfSense to NAT traffic back into the LAN network"?
      Do you mean you added the new IPs as PARP VIPs on the WAN and then used these VIPs in a NAT rule?

      How did you test?
      What did not work?

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        WarrickF
        last edited by Mar 3, 2009, 2:24 PM

        Yes, that's exactly what I did. I added a PARP IP via the Virtual IPs menu and allowed it to auto create the rule for me (allowing HTTP back to the web server running internally).

        I then added an additional rule allowing ICMP to internal address. Both rules are created on the WAN interface and reference the internal address that I'm allowing traffic to.

        I've done this many times for IPs that are on the WAN interface's primary network.

        I then used the packet capture option to sniff the traffic destined for the PARP address on the WAN side and I do see both ICMP and HTTP traffic hitting the WAN interface when I test the respective protocols.

        I then did the same thing sniffing the LAN interface to see if there are any packets being sent to the internal NATed IP - and I don't see anything. I've also run a packet sniffer on the web server to ensure that I'm not missing something and that traffic is in fact not hitting the machine somehow - there's nothing coming out on the LAN side.

        Downloading the config XML and looking at the version element - it says I'm running version 2.9. Looking at index.php it says I'm running 1.2-RC1 (built on Sat Jul 21 13:42:54 EDT 2007).

        Thanks
        Warrick

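A config-level sanity check for the setup Warrick describes, added here as an example and not part of the thread or of pfSense itself: it reads the `<virtualip>` and `<nat>` sections of a downloaded config.xml (element names assumed from that format's layout; the sample fragment and all addresses are constructed) and flags any port forward whose destination is outside the subnets routed to the firewall, has no VIP covering it, or has its VIP on a different interface than the rule.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragment (not from the thread): one proxy ARP
# VIP on WAN inside the newly routed subnet and two WAN port forwards, the
# second pointing at an address that has no VIP yet.
SAMPLE_CONFIG = """<pfsense>
  <virtualip>
    <vip><mode>proxyarp</mode><interface>wan</interface>
      <subnet>203.0.113.10</subnet><subnet_bits>32</subnet_bits></vip>
  </virtualip>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>203.0.113.10</address></destination>
      <target>192.168.1.20</target><local-port>80</local-port></rule>
    <rule><interface>wan</interface><protocol>icmp</protocol>
      <destination><address>203.0.113.11</address></destination>
      <target>192.168.1.20</target></rule>
  </nat>
</pfsense>"""

def load_vips(root):
    """Map each VIP network to its interface from the <virtualip> section."""
    vips = {}
    for vip in root.iterfind("./virtualip/vip"):
        cidr = f"{vip.findtext('subnet')}/{vip.findtext('subnet_bits', '32')}"
        vips[ipaddress.ip_network(cidr, strict=False)] = vip.findtext("interface")
    return vips

def check_port_forwards(config_xml, routed_subnets):
    """Return [(destination, problem)] for port forwards that cannot work."""
    root = ET.fromstring(config_xml)
    vips = load_vips(root)
    routed = [ipaddress.ip_network(s) for s in routed_subnets]
    problems = []
    for rule in root.iterfind("./nat/rule"):
        iface = rule.findtext("interface")
        dest = rule.findtext("destination/address", "")
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            continue  # alias or interface-address destinations are out of scope
        covering = [net for net in vips if addr in net]
        if not any(addr in net for net in routed):
            problems.append((dest, "destination is outside every routed subnet"))
        elif not covering:
            problems.append((dest, f"no VIP covers this address on {iface}"))
        elif not any(vips[net] == iface for net in covering):
            problems.append((dest, f"VIP is on another interface than {iface}"))
    return problems
```

Pass the subnets the upstream routes to the WAN address as `routed_subnets`; a clean list means the rule and VIP side is consistent and the missing LAN-side packets should be looked for elsewhere.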
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.