Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PASSING STATIC WANS / NAT / BRIDGE

    Routing and Multi WAN
    2
    5
    199
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vpaclowvol
      last edited by vpaclowvol

      Hello,

      Just got my hands on XG-7100U and I am looking to use it with multiple static WANS. We have a block of /29 static WAN's from our ISP. We also pass along public net over point to points to other buildings, these buildings have their own LAN router which we do not admin, only passing along WAN for internet access to their furnished equipment. I think I am close but just cannot get it to work. We want to use a single WAN for our local LAN and then pass out other static WAN IP's out the 7100 switch ports. I have the block of IP's added as virtual IP's, not sure what type of NAT would be ideal. Attached is diagram of what is need for visual aid. diagram

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        You need to create another VLAN to the XG-7100 built-in switch (make a pfSense VLAN inerface on lagg0) then remove ETH3 from the LAN VLAN and create a new VLAN on the switch with ports 3,9t,10t and change the PVID on the Ports screen to the new VLAN id.

        You will then have to bridge WAN and the new VLAN interface.

        It would be much cleaner with a WAN interface subnet and another subnet routed to you.

        https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/switch-overview.html

        https://docs.netgate.com/pfsense/en/latest/book/bridging/index.html

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • V
          vpaclowvol
          last edited by

          That worked perfect thank you!!!!

          If I wanted to limit the bandwidth to 10mbps on that interface would I use Traffic Shaper on the VLAN I created?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            I would use a limiter

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • V
              vpaclowvol
              last edited by

              I set an upload and download limiter to 10mbit. However it seems no pages load when I enable it on the firewall rules on the vlan created. Should the source be the new vlannet an alias and or the wan net. When I set an any any rule on the new vlan I am able to grab the other wan just fine but I need to restrict the bandwidth. I noticed a bridge vlan was also created when I bridged the new vlan with vlan. Does anything need to be done with this? I've tried just about every source possible in firewall rules with limiters on and it's either I can still ping out to 8.8.8.8 but no web pages load or the limiters do not function .

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.