Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to config 5 static IP addresses with pfSense

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    6
    508
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jngo
      last edited by

      Hello everyone,

      I am totally new to pfSense. I used to work with Ubiquity EdgeRouter but recently, due to some changes in the office network, we plan to implement pfsense and plan to purchase the Netgate 6100 device
      Our office has a a main LAN where we have 4 PC connected. A PBX system for IP telephony, Mail server, CCTV server, Data Storage server and IOT devices. Each will have its own VLAN
      We have 5 statics IP addresses from the ISP. However, the ISP is assigning each static IP address bases on a MAC address and the type would be DHCP.
      In Ubiquity EdgeRouter, we setup pseudo-ethernet and we can create a MAC address for each of the pethXX interfaces (equivalent to Virtual IP of the pfSense, I guess?) and set it to DHCP. We then call the ISP to cross-check for the MAC address and the ISP will then assign it to the static IP addresses.
      After that, we setup NAT to re-direct the traffic to/from each static IP address to the according services (Mail server, CCTV, PBX, data, etc...) and setup the firewall accordingly.

      Currently, we are running a virtual box with the pfSense OS installed to explore the functionality as well as being familiarized ourselves with the interface.
      Could you please point me to where I could setup and config the additional IP addresses (on the single WAN) in pfSense.

      Thank you very much for your help

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @jngo
        last edited by

        @jngo One usually sets up an IP Alias:
        https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html

        Your ISP requires each to have a different MAC though? CARP can do that but that’s intended for a high availability setup.

        https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html

        I can visualize how they set it up but it doesn’t sound very conducive to using one router.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        J 1 Reply Last reply Reply Quote 1
        • J
          jngo @SteveITS
          last edited by

          @SteveITS The ISP only gives out (as DHCP) a static IP address based on a unique MAC address. And since we have only 1 ISP where the office located, it is very limited choice that we can select!
          So I think, the CARP would be the solution for our situation, correct? IP Alias doesn't seem to have any unique MAC address associated with it...
          Thank you very much for your help

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @jngo
            last edited by

            @jngo I don’t know if CARP aliases can just be used like that, but you can try. @stephenw10 may know.

            Thinking bigger why do they require DHCP? Can you not just set up your addresses yourself or will they actually block the traffic? As in, can they just allow that MAC for all the IPs?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            J 1 Reply Last reply Reply Quote 0
            • J
              jngo @SteveITS
              last edited by

              @SteveITS The ISP is Telus over here. We tried to get them issues an IP-range that has 5 IP addresses to us so we can add them manually in our Interface in EdgeRouter. But not successfully. Any single business static IP address must be bound by 1 unique MAC address of the interface. Therefore, we have to create the virtual interface called Pseudo-ethernet and generate a random MAC for that virtual interface. We then give this MAC address to the ISP and they lock it in the static IP. And, for DHCP, we have no choice as they said it is automatically stick to your MAC address, so we have to config the virtual interface as DHCP to accept the assigned IP address

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @jngo
                last edited by

                @jngo
                That is a very unusual way to get additional IP addresses based on DHCP.
                Typically you get a single (primary) DHCP address and all further IPs you get from the ISP are routed to the primary. So you only need to configure one DHCP interface and can easily use all the assigned IPs.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post