Help with multiple IPs on an interface



  • Hi all,
      I'm sorry if this is an obvious question, but I can't seem to find the answer. We've been using pfSense for about 6 months with great results; we have a multi-WAN interface over wireless and DSL. Now our wireless provider has given us 5 IPs instead of 1. Here is the range we have.

    116.90.xxx.42/29  (works out to be 116.90.140.42-116.90.140.46)

    I've assigned interface opt2 (WANWireless) this IP and gateway
    IP: 116.90.xxx.42/29
    Gateway: 116.90.xxx.41

    Virtual IPs

    Type : Other(IP)
    IP: 116.90.xxx.43/32

    Now, my existing routing rules are pretty straightforward. Take a port from the WANWireless interface and forward it to a host in our DMZ. Now I just can't seem to figure out how to do multiple IP forwarding. Basically, I want to allow anyone connecting from any ports to connect to port 80 or 443 on IP 116.90.xxx.43, then forward to internal IP 10.0.2.41 on the same ports. Any help would be greatly appreciated, and I'd like to document this on the wiki so others have some documentation to use. Attached are my existing rules for the WANWireless interface.

    Thanks,
    Todd

    ![Snapshot 2009-08-21 11-15-48.jpg](/public/imported_attachments/1/Snapshot 2009-08-21 11-15-48.jpg)



  • So, here is what I've done so far, but I'm having problems.

    Define the new IP under Firewall -> Virtual IP -> Other. The IP is

    116.90.xxx.43/32

    Go to Firewall -> NAT, then define the following rule.

    Under port forward add a new rule
    External address: 116.90.xxx.43
    protocol : TCP
    External Port Range: Web_Server_Ports (alias for TCP ports 22, 80 and 443)
    NAT_IP: Splunk server (alias for 10.0.2.41)
    Local Port: Web_Server_Ports

    Check auto create firewall rule

    Now, from within my network, if I ssh, http or https on the IP 116.90.xxx.43, my NAT works. However, when I try to hit my public IP externally, it doesn't work and I don't see any denied messages in the firewall. I'm assuming it's something wrong with the way I've defined virtual IPs. Any ideas what I've done wrong?

    Thanks,
    Todd

