Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi-WAN with same Gateway

    Scheduled Pinned Locked Moved Routing and Multi WAN
    11 Posts 3 Posters 875 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mohkhalifaM
      mohkhalifa
      last edited by mohkhalifa

      Dear Guys,
      I have one router with multiple static IPs. So, How can I use same gateway and same subnet for multiple interfaces ?
      Example:
      Interface-01: 10.0.0.212/24 - GW:10.0.0.2
      Interface-02: 10.0.0.213/24 - GW:10.0.0.2
      Interface-03: 10.0.0.214/24 - GW:10.0.0.2
      Thanks and waiting your kind reply

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        That cannot be done. How should pfSense know, which interface to use to pass traffic to that gateway?

        Since all your IPs are within the same subnet, assign them all to one interface. One as primary interface address and the others as virtual IP of type "IP alias".

        mohkhalifaM 1 Reply Last reply Reply Quote 0
        • mohkhalifaM
          mohkhalifa @viragomann
          last edited by

          @viragomann said in Multi-WAN with same Gateway:

          Since all your IPs are within the same subnet, assign them all to one interface. One as primary interface address and the others as virtual IP of type "IP alias".

          Thanks @viragomann for your reply. Can you explain with details or instructions How Can I do it because it's not clear to me
          Thanks

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @mohkhalifa
            last edited by

            @mohkhalifa
            Just assign 10.0.0.212/24 to the interface and set the gateway.

            For the virtual IPs go to Firewall > Virtual IPs, hit Add, select type "IP Alias" and the interface you've assigned the static IP before. Enter 10.0.0.213 at address and select the correct mask, enter a description if you want and save it.
            Assign the third IP in the same way.

            mohkhalifaM 1 Reply Last reply Reply Quote 0
            • mohkhalifaM
              mohkhalifa @viragomann
              last edited by mohkhalifa

              Thanks @viragomann for your reply. I did what you mentioned BUT at the end I want to create a firewall rule for specific server in my LAN to go through this V-IP or to choose it from the gateway drop menu in the advanced rule options.

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @mohkhalifa
                last edited by

                @mohkhalifa said in Multi-WAN with same Gateway:

                BUT at the end I want to create a firewall rule for specific server in my LAN to go through this V-IP

                You're talking about outbound connection, I guess?

                @mohkhalifa said in Multi-WAN with same Gateway:

                or to choose it from the gateway drop menu

                ❓
                You have only one unique gateway you stated above. So there is no option to choose different.
                What are you trying to achieve with that?

                mohkhalifaM 1 Reply Last reply Reply Quote 0
                • mohkhalifaM
                  mohkhalifa @viragomann
                  last edited by mohkhalifa

                  @viragomann said in Multi-WAN with same Gateway:

                  What are you trying to achieve with that?

                  My router has 3x Static IPs and I want to use them in my LAN. my router Multi-NAT configuration as I mentioned above 1:1 (Public IP = Private IP). So, I understand that I can't use the same gateway for the same subnet. So, I need a way to add them to pfSense and add firewall rule to pass my traffic through these static IPs.
                  Example:
                  VPN= Static IP 1
                  Exchange= Static IP 2
                  Web-server= Static IP 3

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @mohkhalifa
                    last edited by

                    @mohkhalifa said in Multi-WAN with same Gateway:

                    my router Multi-NAT configuration as I mentioned above 1:1 (Public IP = Private IP). So, I understand that I can't use the same gateway for the same subnet.

                    You only mentioned static IPs above. Can't see what you're achieving to do with it.

                    @mohkhalifa said in Multi-WAN with same Gateway:

                    Example:
                    VPN= Static IP 1
                    Exchange= Static IP 2
                    Web-server= Static IP 3

                    Assuming, these are the IPs you stated and you have assigned to the WAN interface yet as suggested, you can now add NAT 1:1 rules to these IPs:
                    Go to Firewall > NAT > 1:1 and add a new rule:
                    Interface: WAN
                    External subnet IP: 10.0.0.212
                    Internal IP: single host > e.g. 192.168.64.5
                    Destination: any

                    So pfSense forwards traffic on WAN side with 10.0.0.212 as destination to 192.168.64.5, while outbound from 192.168.64.5 gets 10.0.0.212.

                    However, consider that this NAT rule does not permit any traffic, you also need to add firewall rules to allow traffic to the destination 192.168.64.5 (you must use the internal IP).

                    mohkhalifaM 1 Reply Last reply Reply Quote 0
                    • mohkhalifaM
                      mohkhalifa @viragomann
                      last edited by

                      Thanks @viragomann for your care. I did it but in another way.

                      1 Reply Last reply Reply Quote 0
                      • RicoR
                        Rico LAYER 8 Rebel Alliance
                        last edited by

                        Nice....would you mind share?

                        -Rico

                        mohkhalifaM 1 Reply Last reply Reply Quote 0
                        • mohkhalifaM
                          mohkhalifa @Rico
                          last edited by

                          @rico said in Multi-WAN with same Gateway:

                          Nice....would you mind share?

                          -Rico

                          1- You must have router with a Multi-NAT option
                          2- You have to configure 1:1 Multi-NAT in your router with any IPs from your router's subnet
                          ex:
                          WAN IP-01 x.x.x.x = 192.168.1.11
                          WAN IP-02 x.x.x.x = 192.168.1.12
                          WAN IP-03 x.x.x.x = 192.168.1.13
                          3- If needed, Forward the ports for IPs we already made in step 2 and at the same time allow the ports from the router's interface in pfSense
                          4- Create a Virtual IPs for each IP we already made in the Multi-NAT configuration "Private IPs".
                          5- Create pfSense 1:1 NAT rules for each private IP to our desired Local Server IP
                          ex:
                          Private IP 192.168.1.11 = Local Server IP 172.16.10.11
                          Private IP 192.168.1.12 = Local Server IP 172.16.10.12
                          Private IP 192.168.1.13 = Local Server IP 172.16.10.13
                          6- Create a firewall LAN rule to pass the traffic and MUST choose the gateway for the interface we are working with.
                          7- check the firewall Rules for opened ports in the router's interface we allowed in step.
                          That's all

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.