how to map multiple addresses provided by isp in pfsense

hardikpfsense

Hello,

our isp provides us 3 static address. so the main address is set as wan ip. i want to use another two static address provided by isp to map it to my local network. I don't where i can add them in pfsense. can anyone point me to any of the documentation or tutorial?

NogBadTheBad

@hardikpfsense Are the IP addresses in the same subnet range ?

If they are you'd do a 1:1 NAT:-

https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#configuring-1-1-nat

hardikpfsense

@nogbadthebad said in how to map multiple addresses provided by isp in pfsense:

https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#configuring-1-1-nat

Okay this is what our isp sent us.

WAN

IP - 103.xx.xx.14

Sub net - 255.255.255.252

Gateway - 103.xx.xx.13

---

Public IP Pool - 103.xx.xx.96/29

Network - 103.xx.xx.96

Gateway - 103.xx.xx.97

Broadcast - 103.xx.xx.103

Usable - 103.xx.xx.98 - 103.xx.xx.102

that is why i am bit confused here. how do i use this ? can i directly use 103.xx.xx.98 and do 1:1 mapping

NogBadTheBad

@hardikpfsense If you do a traceroute from the internet to 103.xx.xx.98 does it route via the WAN interface.

You'll probally need to set up the 103.xx.xx.96/29 as a new LAN interface and don't NAT.

hardikpfsense

@nogbadthebad said in how to map multiple addresses provided by isp in pfsense:

If you do a traceroute from the internet to 103.xx.xx.98 does it route via the WAN interface.

Nope. it does not.

You'll probally need to set up the 103.xx.xx.96/29 as a new LAN interface and don't NAT.

our current wan interface is set as 103.xx.xx.14
our current lan interface is set as 192.168.1.1

We only have two ports so we can only set two interfaces. so not sure how we can add lan interface here. if i go to Interfaces > Interface Assignments. there is only two interfaces wan and lan and it does not allow me to add another one.

NogBadTheBad

@hardikpfsense You'll need to add an extra LAN port and switch or use a switch that can handle VLANS.

hardikpfsense

@nogbadthebad

Thank you sir. just for my knowledge i am asking this. if everything is done via wan port how this lan interface we will add translate from wan port ?

viragomann

@hardikpfsense said in how to map multiple addresses provided by isp in pfsense:

Okay this is what our isp sent us.

The question is if the additional /29 subnet is routed to the primary WAN IP.
If so you only need to nat the IPs behind pfSense or nat outbound traffic to them.
The gateway of the /29 wouldn't be needed in this case.

However, since the IP stated a gateway, I assume, it's a real subnet and is not routed.

In this case you can try this: add each usable IP out of the /29 subnet as virtual IP to WAN. Firewall > Virtual IPs. Use type "IP alias" and ensure to state the proper /29 mask.
Then go to System > Routing > Gateways and add the gateway 103.xx.xx.97 to WAN interface.

However, pfSense will use the default gateway for the communication with all IPs as long as you don't add special routes for the other gateway as far as I know.
So it's on the settings of the ISPs gateway to accept packets from the other subnet. Normally it does.

stephenw10

It would be much better if the ISP did route the /29 to you via the WAN IP. A much more flexible setup. You might want to contact them and ask if they can do that.

Steve