Routing to multiple public networks on LAN



  • Hello. My pfSense server is in a data center with all public IPs. I have 4 /24 networks. I was able to set up the WAN interface and LAN interface, and from the outside I can ping the LAN interface x.x.29.1. The LAN connects to a switch and I have a bunch of servers connected to that switch. I can ping all of the IPs on the same network as the LAN IP.

    I set up the virtual interfaces with the other networks: x.x.10.1, x.x.27.1, and x.x.7.1. I cannot ping the machines with these IPs. It's like pfSense is not routing the IPs that are part of the virtual interfaces.

    Is this not the right way to do this? Thanks for your help.



  • It's been a couple of years since I had multiple public addresses available to me, so I'm a little bit rusty on the specifics, sorry...

    But, did you set up any NATs for these VIPs? I'm pretty sure that's a big part of the equation, to get the traffic, including pings, to the appropriate internal machines.

    https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html

    https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html

    Jeff



  • I may have found it, but let me ask first before I take down my other router again. When adding the virtual interface I think maybe I should set the netmask to /24. By default it's set to /32, which I didn't even see because it's further to the side.



  • @akuma1x

    I don't think NAT is required or even desired with public IPs. Otherwise, for example, email that goes out will show the router WAN IP as the source instead of the actual machine.



  • My mistake was the default /32 when creating virtual interfaces. Changing it to /24 allowed me to ping the other IPs on the inside. Again, this is for public IPs. I am sure for private IPs NAT will be required.



  • @LittleCreek said in Routing to multiple public networks on LAN:

    Again, this is for public IPs. I am sure for private IPs NAT will be required.

    Yeah, you're probably right. Like I said, it's been a while, and I'm pretty sure what I did was 1:1 NAT a couple of extra public IP addresses I had to some internal machines.

    Glad you figured it out!

    Jeff



  • Well, incoming pings work from the outside, but now no traffic originating from the inside can get out. When I turn off the firewall (pfctl -d) it all works.



  • Anybody have any ideas on this?



  • I have a public IP on the WAN. The data center routes all of my IPs to that WAN IP.

    On the LAN I have 4 /24 addresses.

    When I have run pfctl -d it all works. As soon as I run pfctl -e, it stops working.

    I can't seem to find anybody who uses pfSense in a data center with public IPs.


  • LAYER 8 Netgate

    There is nothing special about it.

    They are just addresses.

    You should disable NAT for the public addresses in use on the inside.

    Well, incoming pings work from the outside, but now no traffic originating from the inside can get out. When I turn off the firewall (pfctl -d) it all works.

    Do you have rules passing the traffic into that interface from those hosts?
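As an added illustration (not from this thread or from pfSense's generated ruleset), here is the raw pf equivalent of the three settings the thread converges on: the /24 (not /32) alias on the inside interface, outbound NAT skipped for the public subnets, and a pass rule on the inside interface that covers those subnets rather than only the primary "LAN net". Interface names and the RFC 5737 documentation prefixes are placeholders standing in for the poster's x.x.29/10/27/7 ranges.

```pf
# Constructed pf.conf fragment, assumptions: WAN is em0, LAN is em1, and three
# documentation prefixes stand in for the public /24s routed to the WAN address.
wan = "em0"
lan = "em1"

# The public /24s that live on the inside switch. The interface aliases themselves
# are set outside pf, with a /24 mask, e.g.: ifconfig em1 inet 203.0.113.1/24 alias
# (a /32 alias only creates a host route, which is the symptom in the first post).
table <public_inside> { 203.0.113.0/24 198.51.100.0/24 192.0.2.0/24 }
table <rfc1918> { 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 }

# Outbound NAT: do NOT rewrite packets sourced from the public subnets, so servers
# leave with their own address (e.g. outbound mail keeps the real source IP).
# Only private sources get translated to the WAN address.
no nat on $wan from <public_inside> to any
nat on $wan from <rfc1918> to any -> ($wan)

# Default-deny; everything below must be explicit.
block log all

# Inside -> out: the default "LAN net" rule only matches the interface's primary
# subnet, so hosts in the alias subnets were blocked until this rule exists.
pass in quick on $lan from <public_inside> to any keep state
pass in quick on $lan from <rfc1918> to any keep state

# Outside -> in: only what is intentionally exposed. ICMP echo is shown because the
# thread's test was ping; add per-service rules (e.g. tcp port 25) the same way.
pass in quick on $wan inet proto icmp from any to <public_inside> icmp-type echoreq keep state

# Let the firewall itself talk out on both interfaces.
pass out quick on $wan keep state
pass out quick on $lan keep state
```

In pfSense terms these map to a VIP with a /24 mask, a "Do not NAT" entry in manual/hybrid outbound NAT for the public subnets, and LAN and WAN firewall rules whose source/destination is the public subnets rather than "LAN net"; after changing rules, `pfctl -sr` and `pfctl -sn` show what was actually loaded.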

