Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with multiple IP's on an interface

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 1 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tnine
      last edited by

      Hi all,
        I'm sorry if this is an obvious question, but I can't seem to find the answer.  We've been using pfSense for about 6 months with great results, we have a multiwan interface over wireless and DSL.  Now our wireless provider has given us 5 IP's instead of 1.  Here is the range we have.

      116.90.xxx.42/29  (works out to be 116.90.140.42-116.90.140.46)

      I've assigned interface opt2 (WANWireless) this IP and gateway
      IP: 116.90.xxx.42/29
      Gateway: 116.90.xxx.41

      Virtual IP's

      Type : Other(IP)
      IP: 116.90.xxx.43/32

      Now, my existing routing rules are pretty straight forward.  Take a port from the WANWireless Interface and forward it to a host in our DMZ.  Now I just can't seem to figure out how to do multiple IP forwarding.  Basically, I want to allow anyone connecting from any ports to connect to port 80 or 443 on IP 116.90.xxx.43 then forward to internal IP 10.0.2.41 on the same ports.  Any help would be greatly appreciated, and I'd like to document this on the wiki so others have some documentation use.  Attached are my existing rules for the WANWireless interface.

      Thanks,
      Todd

      ![Snapshot 2009-08-21 11-15-48.jpg](/public/imported_attachments/1/Snapshot 2009-08-21 11-15-48.jpg)
      ![Snapshot 2009-08-21 11-15-48.jpg_thumb](/public/imported_attachments/1/Snapshot 2009-08-21 11-15-48.jpg_thumb)

      1 Reply Last reply Reply Quote 0
      • T
        tnine
        last edited by

        So, here is what I've done so far, but I'm having problems.

        Define the new IP under Firewall -> Virtual IP -> Other.  Ip is

        116.90.xxx.43/32

        Go to Firewall -> Nat then define the following rule.

        Under port forward add a new rule
        External address: 116.90.xxx.43
        protocol : TCP
        External Port Range: Web_Server_Ports (alias for TCP ports 22, 80 and 443)
        NAT_IP: Splunk server (alias for 10.0.2.41)
        Local Port: Web_Server_Ports

        Check auto create firewall rule

        Now, from within my network if I ssh, http or https on the IP 116.90.xxx.43 my nat works.  However when I try to hit my public IP externally it doesn't work and I don't see any denied messages in the firewall.  I'm assuming it's something wrong with the way I've defined virtual IPs.  Any ideas what I've done wrong?

        Thanks,
        Todd

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.