4. Multiple WAN addresses

Multiple WAN addresses

  • W

    Hi.

    I have a WAN network that is a /28 net. My question is, how do i use the rest of the addresses beside the one that my WAN adapter uses.

    I have tried to setup up virtual IP's both as Proxy ARP, CARP and Other, but nothing works

    Im running pf 1.2.2

    /Mikkel

    0
  • P

    http://forum.pfsense.org/index.php/topic,7001.0.html

    0
  • W

    I have read all the documentation i could find, and i have searched the forum - before i posted this :-)

    But i cant get it to work - i have tried to tcpdump on the wan adapter, but i cant seen traffic on any other addresses that the wan adapter address.

    0

  • Maybe you should describe a bit more clear what you are trying to achieve.
    "it doesnt work" is noone helping if you're not even telling what doesnt work.

    0
  • W

    Ok, but as i wrote, it is - very simple :-)

    I have a network segment from my ISP that is a /28 net.

    As it is now i can only use the one address that i assign to my WAN adapter, the rest of the net i woul like to use too.

    But if i set them up in virtual IP's, i cannot use them for NAT as i woul like to - even if i set them as CARP they cannot be ping'ed.

    Am i missing something?

    0

  • Did you create a firewall rules as well?

    But basically: you create the VIP, you use the VIP in an NAT rule.
    As simple as that.

    But if you cannot give information to a specific setup your trying to implement (including how you test if it works), i dont think i can help you more.

    0
  • W

    My setup is like this:

    WAN adapter IP: ...178/28  gw ...177

    LAN adapter IP: 192.168.100.254/24

    Virtual IP:
    CARP VHID 1 IP: ..*.179/28

    FW Rules:
    WAN permit any any
    LAN permit any any

    I have tried in the Virtual IP to add the ip ..*.179 as Proxy ARP, Other, and as above, CARP

    I have made a NAT rule to 192.168.100.3 port 80 with ..*.179 as external - So im NOT using ping as a test - But i cannot get any data pass

    I have mads a NET rule to 192.168.100.3 port 22 with ..*.178 as external - Its working fine

    I have tried to change the WAN adapter IP to ..*.179, and its workinn fine.

    Nothing else is configured on the box, everthing is default.

    0
  • W

    So at the moment i have made a workaround:

    Added all my extra IP's in the /28 net in Virtual IP's, then ran "ifconfig le0 alias ..*.179", and so on.

    But thats not really the right way of doing it :-)

    0
  • D

    From your post#6, it looks like you're doing only port forwarding?
    I'm not an expert on this, but if you're trying to map those ip to internal server/system. You can add those ips into VIP as proxy arp and add NAT1:1

    Interface:WAN,  External IP: x.x.x.179 , Internal IP: 192.168.100.3,  Description: Server 1
    Interface:WAN,  External IP: x.x.x.180 , Internal IP: 192.168.100.4,  Description: Server 2

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy