Same gateway IP on multiple WAN interfaces?



  • Hi,
    First I need to warn - my knowledge in the FreeBSD/pfSense field is close to none.

    Version 2.4.4-RELEASE-p1 (amd64)
    built on Mon Nov 26 11:40:26 EST 2018
    FreeBSD 11.2-RELEASE-p4

    I have 10 WAN interfaces originating from two ONTs (5 interfaces each via switch). Both ONTs are from the same ISP and all WAN interfaces get their IPs via DHCP.
    The problem I am having is that if any 2 interfaces get the same gateway from the ISP DHCP, either both will be status UNKNOWN or sometimes one will be online and the other Offline. I have read somewhere that it is a FreeBSD limitation but I just couldn't understand how this works. Does the interface go down and no traffic can go through, or is it just dpinger that cannot monitor the interface?

    Somewhere I read that the only solution is to put a separate router on each of the WAN interfaces so that pfSense will see different gateways... but is this the only solution? If it comes to that I will put 10 routers next to the pfSense box, but only if this is the only solution, as each extra node increases the chances of failure and also affects the latency (I guess).

    Thank you for your time.



  • Why should you need to do that??? The only reason that comes to mind is when you have a per-IP shaper and want to aggregate bandwidth?


  • LAYER 8 Global Moderator

    @grateful said in Same gateway IP on multiple WAN interfaces?:

    I have 10 WAN interfaces originating from two ONTs (5 interfaces each via switch)

    You're going to have to explain why.. What are you trying to accomplish here? Do you have multiple IPs from your ISP? Are these connections lower bandwidth and you're trying to get enough to the ONT to use up your actual connection?

    I for the life of me cannot see a point to a connection like that.. Why do you need to run 5 cables to pfSense for each connection?



  • Thanks for taking the time to reply @kartoff

    @kartoff said in Same gateway IP on multiple WAN interfaces?:

    Why should you need to do that???

    I have multiple IPs from the same ISP (5 per fibre to be exact) and this is the only logical setup I could think of for using them.
    Why do I need them? - A web server behind the firewall that I need to be accessible from as many different public IPs as possible for the purpose of SEO.



  • Thanks for your reply @johnpoz
    @johnpoz said in Same gateway IP on multiple WAN interfaces?:

    I have 10 WAN interfaces originating from two ONTs (5 interfaces each via switch)
    You're going to have to explain why.. What are you trying to accomplish here? Do you have multiple IPs from your ISP?

    As per my reply above:
    I have multiple IPs from the same ISP (5 per fibre to be exact) and this is the only logical setup I could think of for using them. fibre->ONT->Switch->5 cables->5 WAN interfaces
    Why do I need them? - A web server behind the firewall that I need to be accessible from as many different public IPs as possible for the purpose of SEO.

    @johnpoz said in Same gateway IP on multiple WAN interfaces?:

    I for the life of me cannot see a point to a connection like that.. Why do you need to run 5 cables to pfSense for each connection?

    This is the only way I could think of to bring more external IPs to my web server behind the pfSense box.


  • LAYER 8 Global Moderator

    Just setup VIPs



  • Thanks for the reply @johnpoz
    @johnpoz said in Same gateway IP on multiple WAN interfaces?:

    Just setup VIPs

    I looked into VIPs but I cannot see how this would work in my case, as my external IPs are assigned via DHCP, and from what I could understand in my 5 minute research VIPs only work with static IPs?
    Also my ISP needs a MAC address for each IP, which I type manually in advance on my ISP website (control panel).


  • LAYER 8 Global Moderator

    So do all of these IPs you get come from the same netblock when you make your reservation on their website?

    Just set a reservation and then set them static.. Just make up a MAC address.

    You're going to have nothing but issues trying to set up 10 different connections that all have the same network info on them, be it DHCP or not..



  • @johnpoz
    To me it looks like the ISP has about 30 or 40 gateways and assigns them randomly to whoever gets connected. The IPs I get are from the same subnet as the gateway for this particular interface.
    I cannot reserve IPs and make them static. The IPs are dynamic via DHCP.
    What I do on my ISP website is to give them a list of MAC addresses which will be allowed to get a dynamic IP from the DHCP.
    What happens now is - because the DHCP gives us random IPs for all the WAN interfaces, some of them will receive an IP from the same subnet, which means the same gateway as well. This is where one of them or both WANs will fail.
    So, apart from putting 10 cheap routers in front of the WAN interfaces, is there anything else I can do?
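
Added example, not part of the original post and not pfSense code: a Python check that groups WAN DHCP leases by gateway and by subnet to show which interfaces end up in the colliding situation described in the post above. The interface names, the lease tuple layout and the addresses (documentation ranges) are constructed sample data.

```python
"""Flag WAN interfaces whose DHCP leases share a gateway or a subnet."""
import ipaddress
from collections import defaultdict

# Constructed sample leases: (interface name, address/prefix, gateway).
# Addresses come from the RFC 5737 documentation ranges, not a real ISP.
SAMPLE_LEASES = [
    ("wan1", "192.0.2.17/24", "192.0.2.1"),
    ("wan2", "198.51.100.40/24", "198.51.100.1"),
    ("wan3", "192.0.2.88/24", "192.0.2.1"),        # same gateway as wan1
    ("wan4", "203.0.113.5/25", "203.0.113.1"),
    ("wan5", "203.0.113.200/25", "203.0.113.129"),  # other half of the /24
]


def find_conflicts(leases):
    """Return (shared_gateways, shared_subnets, unaffected_interfaces)."""
    by_gateway = defaultdict(list)
    by_subnet = defaultdict(list)
    for name, cidr, gateway in leases:
        iface = ipaddress.ip_interface(cidr)      # address plus prefix length
        gw = ipaddress.ip_address(gateway)        # validates the gateway text
        by_gateway[str(gw)].append(name)
        by_subnet[str(iface.network)].append(name)

    # Keep only the groups that contain more than one interface.
    shared_gw = {g: n for g, n in by_gateway.items() if len(n) > 1}
    shared_net = {s: n for s, n in by_subnet.items() if len(n) > 1}

    affected = {n for names in shared_gw.values() for n in names}
    affected |= {n for names in shared_net.values() for n in names}
    unaffected = [name for name, _, _ in leases if name not in affected]
    return shared_gw, shared_net, unaffected


if __name__ == "__main__":
    gateways, subnets, ok = find_conflicts(SAMPLE_LEASES)
    for gw, names in gateways.items():
        print(f"gateway {gw} is shared by: {', '.join(names)}")
    for net, names in subnets.items():
        print(f"subnet {net} is shared by: {', '.join(names)}")
    print(f"interfaces with a unique gateway and subnet: {', '.join(ok)}")
```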


  • LAYER 8 Global Moderator

    Yeah, get an ISP that allows you to actually route a CIDR block of IPs to you if you want to use them like you're using, so you can actually put them behind pfSense vs being WAN IPs..

    Then you would have actual transit networks for your different ISP connections...

    Option 2
    Put your services in an actual DC that will assign you an IP block vs doing what amounts to a home user hack trying to run services off dynamic IPs..

    Why are you dealing with dynamic IPs? Just don't get it - get a block of addresses and route it to you so you can do this correctly..