Multi WAN IP address



  • Hello,

    just finish a fresh install of the pfsense, latest version. my network topology is:

    Internet: (WAN)
    10M Ethernet Connection from ISP, 32static IPs (for example, IP Range 58.73.0.1 - 58.71.0.32)
    Intranet: (LAN)
    100M Ethernet connection between servers and switch, 8
    PC servers with private ip addresses(Server 1=10.0.0.20, Server 2=10.0.0.21,….Server 8=10.0.0.28).

    on ISP DNS server we got 3 domain resolutions:
    www=58.73.0.8 TCP 80
    admin=58.73.0.9 TCP 80
    files=57.73.0.10 TCP 80

    would like to, NAT 58.73.0.8 to 10.0.0.20, 58.73.0.9 to 10.0.0.21, 58.73.0.10 to 10.0.0.22

    the server i installed pfsense is a HP server with 2*built-in LAN interfaces. the LAN ip address set to 10.0.0.1 (same range of my servers), the WAN ip address set to 58.73.0.1
    by this way, seems like i have to change the DNS resolution to 58.73.0.1.

    is there anybody know how can i assign multi IP addresses on the PFsense WAN interface? or i have to have 4 LAN interfaces(LAN, WAN, OPT1, OPT2), then make different NAT?

    many thanks



  • Firwall –> Virtual IPs

    Create as many additional IPs on the WAN interface as you need.
    You can then use these Virtual IPs in the NAT rules.
    If your additional IPs are in the same subnet than the WAN IP itself, i would use CARP VIPs (they are pingable).



  • many thanks for your kindly help.

    now i am adding all of the ips into VIP, but i got an error message when i try to add third ip into VIP, the error message is VHID 1 is already in use. pick a unique number. but the first two IP without any error.

    now i successfully add the third ip into the VIP, i tried:

    1. add the third ip into VIP but the VHID group change from the default 1 to 2
    2. after save, go to edit
    3. change the VHID group from 2 to 1
    4. save and no error

    is there anything i made wrong?

    or each machine need different VHID but need same password?



  • Don't do what you just described.
    Each VIP needs it's own VHID.
    Just put another VHID for each VIP.
    This doesn't affect the functionality.
    The password isn't used for your setup.
    This is if you want hardware-failover between multiple pfSenses.


Log in to reply