Routed Public IP on OPT1
-
Hi
I have a problem getting a routed Public IP unchanged through to OPT1.
I have 1 Public IP (x.y.z.176/30) with x.y.z.178 as public IP and x.y.z.177 as gateway.
I have 4 Public IPs routed through the above (x.y.z.196-x.y.z.199) - all usable.
x.y.z.178 is NATed to 192.168.2.x on LAN
x.y.z.196 is NATed to 192.168.0.x on OPT2
Both work fine. (I'm using AON in Outbound NAT)
I need x.y.z.197 (or 198, 199, doesn't matter) routed unchanged to OPT1.
I have to connect OPT1 to a router that is preconfigured, with VPN.
It is essential that no NAT or firewalling is done, as the VPN then fails.
I have tried Bridging, No-Nat, different firewall rules - but I can't seem to find the right combination.
Hope someone can help.
Flemming
-
First thought: if you can work with your upstream provider a little, have them route the whole .196/30 out their .177 interface, rather than specifically to your .178 host - then bridge WAN and OPT1 to talk to the .197 host (which itself will need to use .177 as its gateway, which requires a route to .176/30 for it to do so). I'd guess use ProxyARP for your current .196 NAT setup.
Second thought: could you set up a private IP pair on OPT1 between your pfSense and this VPN box, so the VPN box has 2 addrs (private and .197)? If so, just static route your .197 addr to the private addr. Not ideal, but…
pfSense doesn't support unnumbered interfaces, does it?
-
Thanks for your input - none of it works though :-(
-
Our ISP will not route out of the single interface (they did before - but will not do it anymore: trust me, I tried VERY hard to get them to do it)
-
I tried this too - we had good connection to the internal router - but the VPN connection kept breaking down.
We tried for almost 6 hours - with the same result.
I'm still hoping for a good idea.
-
I have to use the VPN Router from our provider - so I can't move the VPN over to pfSense :-(
Flemming