Multiple IPs on WAN



  • Okay, I'm stuck.

    We have a single WAN interface with a /29 subnet of public IP addresses.  I'm trying to use a 2nd address for a second internal FTP server (one on the main address, want to use a second IP for the other to distinguish between them).  I've tried adding VIPs, setting up port forwarding, setting up 1-1 NAT, but all I get from the outside is the connection timing out.  Obviously I'm missing something.

    One possible complication: the Internet connection goes to a switch, which the pfSense box and two other routers are plugged into.  The other two routers also have IP addresses from the /29 range, but are not otherwise relevant to this situation.  (Parasite offices that share the Internet connection, but aren't otherwise connected to the network.)

    So, what I've got is x.x.x.210 for the main pfSense WAN connection, x.x.x.211 and x.x.x.212 assigned to other routers, and I'm trying to use x.x.x.213 as a second IP on the main WAN, but no joy.

    Any ideas?



  • Hi, have you checked whether the FTP server IP is reachable if you assign the address to a machine instead of the firewall?

    It is strange, but I think this is related to the ARP request.

    You can try to do this, as mentioned before in other posts:

    1. Delete all proxy-ARP VIPs.
    2. Set your WAN IP to the first desired proxy-ARP VIP. A GARP for this IP is sent to the ISP router.
    3. Set your WAN IP to the next desired proxy-ARP VIP. A GARP for this IP is sent to the ISP router, and so on.
    4. End by setting the final WAN IP as your desired WAN interface. The ISP router will have ARP-cached the same hardware NIC address for all your IPs.
    5. Now set up all your proxy-ARP VIPs that were GARP'ed above.

    At this point the settings must work.

    Let me know.
    Giulio



  • How would you do this if you had 30 or more? Setting them one by one really isn't an acceptable solution. Also, I do get ARP requests to the router (using packet capture), but they don't port forward or anything.



  • I have the exact same problem as the thread starter. As a workaround it works like gullio said, but only for a few hours.
    The WAN interface is the via-rhine NIC of my Via Epia-M. This NIC is connected to a Cisco 1700 router from my ISP.
    Is it ARP related? Would it help to use another NIC for WAN?
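
An added example, not part of any post in this thread: a small Python check for the "is it ARP related?" question, which classifies raw Ethernet ARP frames captured on the WAN segment for one VIP. The addresses (documentation range 203.0.113.0/24 standing in for x.x.x.213, with an assumed gateway at .209), the MAC addresses and the sample frames are all constructed, and `make_arp`, `parse_arp` and `diagnose` are hypothetical helper names.

```python
import socket
import struct

def make_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build an Ethernet+ARP frame (used here only to construct sample data)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    dst = b"\xff" * 6 if op == 1 else mac(tha)
    return (dst + mac(sha) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", frame[20:42])
    return {"op": op, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def diagnose(frames, vip):
    """Classify ARP traffic for one VIP as seen on the WAN segment."""
    asked, claimants = 0, set()
    for pkt in filter(None, map(parse_arp, frames)):
        if pkt["spa"] == vip:          # reply or gratuitous ARP claiming the VIP
            claimants.add(pkt["sha"])
        elif pkt["op"] == 1 and pkt["tpa"] == vip:
            asked += 1                 # someone asking "who-has VIP"
    if len(claimants) > 1:
        return "conflict", asked, claimants
    if claimants:
        return "answered", asked, claimants
    return ("unanswered" if asked else "no-arp-seen"), asked, claimants

# Constructed sample data: documentation addresses and locally administered MACs.
VIP, GW = "203.0.113.213", "203.0.113.209"
GW_MAC, FW_MAC, OTHER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:20"
who_has = make_arp(1, GW_MAC, GW, VIP)
garp = make_arp(1, FW_MAC, VIP, VIP)                 # gratuitous: sender IP == target IP
reply = make_arp(2, FW_MAC, VIP, GW, tha=GW_MAC)
stale = make_arp(2, OTHER_MAC, VIP, GW, tha=GW_MAC)  # a second device claiming the VIP

if __name__ == "__main__":
    for name, capture in [("requests only", [who_has] * 3),
                          ("request + reply", [who_has, reply]),
                          ("two claimants", [who_has, reply, stale])]:
        print(name, "->", diagnose(capture, VIP))
```

A result of "unanswered" means requests for the VIP reach the segment but nothing answers them; "conflict" means more than one MAC address is claiming the VIP.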

