Netgate Discussion Forum

    I have a /29 block of WAN IPs, how do I force a VLAN out of a specific IP from it

    Routing and Multi WAN
    • wspence

      Good evening. I have a /29 block from my ISP. I put the IPs on the pfSense using Virtual IPs. What I'm struggling with is how I can force, let's say, Guest network VLAN 100 to utilize that WAN IP.

      • SteveITS Galactic Empire @wspence

        @wspence outbound NAT rule: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html

        An example: https://docs.netgate.com/pfsense/en/latest/recipes/nat-voip-pbx.html#outbound-nat (though for example a static port isn’t normally needed)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • tgl @wspence

          @wspence
          I set up a similar configuration recently. Leave the default outbound NAT rule in place for mapping your main network to the primary WAN address. Select the "Hybrid Outbound NAT" mode to allow you to add custom rules to the default. Then add a custom outbound NAT mapping from the VLAN's address range to the WAN-side address you want it to go out of. Your rule should look like the automatic one except for the specific source and NAT addresses. (The automatic rules have a special case for port 500, which you might or might not feel like duplicating --- I did, but I'm not sure it will ever matter in my use.)

          Don't forget that you need pass/block firewall rules in addition to the NAT mapping. In particular you probably want to block the guest VLAN from reaching your main net, with the possible exception of specific services such as DHCP and DNS.

          1 Reply Last reply Reply Quote 1
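
One way to check the hybrid outbound NAT setup described in the reply above, as an added example that is not part of the thread or of pfSense itself: it replays pf's first-match NAT evaluation over rule lines in the style of `pfctl -s nat` output and reports which WAN address a guest host would leave from. The interface name, subnets, 203.0.113.x addresses and function names are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on `pfctl -s nat` output. Interface name, subnets
# and the 203.0.113.0/29 addresses are assumptions, not values from the thread.
# Hybrid mode puts the custom guest rules ahead of the automatic ones.
SAMPLE_RULES = """\
nat on igb0 inet from 192.168.100.0/24 to any port = isakmp -> 203.0.113.3 static-port
nat on igb0 inet from 192.168.100.0/24 to any -> 203.0.113.3 port 1024:65535
nat on igb0 inet from 192.168.1.0/24 to any port = isakmp -> 203.0.113.2 static-port
nat on igb0 inet from 192.168.100.0/24 to any port = isakmp -> 203.0.113.2 static-port
nat on igb0 inet from 192.168.1.0/24 to any -> 203.0.113.2 port 1024:65535
nat on igb0 inet from 192.168.100.0/24 to any -> 203.0.113.2 port 1024:65535
"""

RULE_RE = re.compile(
    r"^nat on \S+ inet from (?P<src>\S+) to any"
    r"(?: port = (?P<dport>\S+))? -> (?P<nat>[\d.]+)(?P<opts>.*)$"
)
SERVICES = {"isakmp": 500}  # the only service name this sketch resolves

def parse_rules(text):
    """Parse NAT lines into dicts, keeping their order (pf NAT is first-match)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            dport = m["dport"]
            rules.append({
                "src": ipaddress.ip_network(m["src"]),
                "dport": None if dport is None else SERVICES.get(dport) or int(dport),
                "nat": m["nat"],
                "static_port": "static-port" in m["opts"],
            })
    return rules

def egress_for(rules, src_ip, dst_port):
    """Return (nat_address, static_port) from the first matching rule, else None."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in r["src"] and r["dport"] in (None, dst_port):
            return r["nat"], r["static_port"]
    return None

def misrouted(rules, guest_net, wanted_ip, ports=(443, 500)):
    """Spot-check one guest host: list ports that would not leave via wanted_ip."""
    host = str(next(ipaddress.ip_network(guest_net).hosts()))
    hits = {p: egress_for(rules, host, p) for p in ports}
    return [p for p, hit in hits.items() if hit is None or hit[0] != wanted_ip]
```

With the custom rules first, `misrouted(parse_rules(SAMPLE_RULES), "192.168.100.0/24", "203.0.113.3")` returns an empty list; dropping the two custom lines makes the guest host fall through to the automatic rules and the primary address.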
          • wspence

            Appreciate it guys, I will take a look and test.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.