Route WAN-subnet to LAN-subnet (with identical IPs)



  • I have a server in a datacenter that is virtualized. All traffic ends up at pfSense's WAN port; all other virtualized machines are connected to pfSense's LAN port.
    Normally I would do NAT. With NAT everything is working. But now I have got an additional subnet from the provider, so I want to give every VM (virtual machine) its own WAN IP in that subnet.

    If I simply bridged all VMs to the server's eth0, every machine would be connected to the WAN and traffic would work in both directions with the correct IPs.

    So the situation is:

    1. The WAN-iface has an IP within the datacenter net. (The gateway is another appliance owned by the provider.)
    2. The WAN-iface gets all traffic for the additional subnet.
    3. The LAN-iface is connected to all VMs. By sending the packets there, the correct destination machine will get the traffic.
    4. The LAN-iface has an IP in the subnet that all VMs will use as their gateway.

    I don't know how to configure the interfaces, routes, firewall and IPs so that my scenario will work.
    Additionally, when I enter the shell and ping some LAN IP, it won't work. Something is missing here. Pinging pfSense from another VM is working (tcpdump shows the packets on the LAN-iface). Pinging the LAN-iface from the web GUI is working, too! The ping in the shell does not work; some config is missing, I guess.

    Please give me some hint :)
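The routed (non-NAT) layout described in the post, expressed as a small consistency check plus the FreeBSD/pf commands the plan corresponds to. This is an added example, not code from the original post or from pfSense (pfSense sets the equivalent through its GUI: Interfaces, System > Routing, Firewall > Rules, and Firewall > NAT > Outbound in hybrid or manual mode so the routed subnet is not translated). The interface names `vtnet0`/`vtnet1`, the function names, and all addresses (RFC 5737 documentation ranges) are assumptions constructed for the example.

```python
# Added example (not from the original post): sanity-check a routed,
# non-NAT subnet plan for a pfSense-style router and emit the FreeBSD
# commands such a plan corresponds to. Interface names, addresses and
# the helper functions themselves are assumptions; addresses are RFC 5737
# documentation ranges constructed for this example.
import ipaddress

WAN_IF = "vtnet0"   # assumed name of the WAN interface (datacenter net)
LAN_IF = "vtnet1"   # assumed name of the LAN interface (routed subnet)


def check_routed_plan(wan_ip_cidr, provider_gw, routed_subnet, lan_gw_ip, vm_ips):
    """Return a list of problems; an empty list means the plan is consistent.

    wan_ip_cidr:   pfSense WAN address inside the datacenter net, e.g. "198.51.100.10/24"
    provider_gw:   the provider's gateway appliance in that datacenter net
    routed_subnet: the additional subnet the provider routes to the WAN address
    lan_gw_ip:     address from routed_subnet placed on the LAN interface
    vm_ips:        addresses the VMs will use, one each, inside routed_subnet
    """
    wan = ipaddress.ip_interface(wan_ip_cidr)
    routed = ipaddress.ip_network(routed_subnet, strict=True)
    lan_gw = ipaddress.ip_address(lan_gw_ip)
    gw = ipaddress.ip_address(provider_gw)
    problems = []

    if gw not in wan.network:
        problems.append(f"provider gateway {gw} is not inside WAN net {wan.network}")
    elif gw == wan.ip:
        problems.append("provider gateway equals the WAN address")
    # The routed subnet must be distinct from the datacenter net. If it were
    # part of the same net the VMs would have to be bridged, not routed.
    if wan.network.overlaps(routed):
        problems.append(f"routed subnet {routed} overlaps WAN net {wan.network}; routing needs distinct nets")
    # The LAN gateway must be a usable host address inside the routed subnet.
    if lan_gw not in routed:
        problems.append(f"LAN gateway {lan_gw} is not inside routed subnet {routed}")
    elif lan_gw in (routed.network_address, routed.broadcast_address):
        problems.append(f"LAN gateway {lan_gw} is the network or broadcast address")
    # Every VM needs its own usable address, different from the gateway.
    seen = set()
    for raw in vm_ips:
        vm = ipaddress.ip_address(raw)
        if vm not in routed:
            problems.append(f"VM address {vm} is not inside routed subnet {routed}")
        elif vm in (routed.network_address, routed.broadcast_address):
            problems.append(f"VM address {vm} is the network or broadcast address")
        elif vm == lan_gw:
            problems.append(f"VM address {vm} collides with the LAN gateway")
        elif vm in seen:
            problems.append(f"duplicate VM address {vm}")
        seen.add(vm)
    return problems


def routed_plan_commands(wan_ip_cidr, provider_gw, routed_subnet, lan_gw_ip):
    """FreeBSD ifconfig/route/sysctl and pf lines that express the plan.

    pfSense normally generates the equivalent from its GUI; the lines are
    shown so the routed-subnet intent is visible: forwarding on, default
    route to the provider, the routed subnet on LAN, and no NAT for it.
    """
    routed = ipaddress.ip_network(routed_subnet, strict=True)
    return [
        f"ifconfig {WAN_IF} inet {wan_ip_cidr}",
        f"ifconfig {LAN_IF} inet {lan_gw_ip}/{routed.prefixlen}",
        "sysctl net.inet.ip.forwarding=1",
        f"route add default {provider_gw}",
        # pf rules: traffic to the routed subnet arrives on WAN unchanged
        # (no rdr/nat), so it needs a plain pass rule; VMs pass out via LAN.
        f"pass in on {WAN_IF} inet from any to {routed}",
        f"pass in on {LAN_IF} inet from {routed} to any",
    ]


if __name__ == "__main__":
    # Constructed sample plan: datacenter net 198.51.100.0/24, routed /28.
    plan = ("198.51.100.10/24", "198.51.100.1", "203.0.113.0/28", "203.0.113.1")
    vms = ["203.0.113.2", "203.0.113.3", "203.0.113.4"]
    for p in check_routed_plan(*plan, vms):
        print("problem:", p)
    for line in routed_plan_commands(*plan):
        print(line)
```

The check flags the case the title hints at: if the "additional" subnet actually overlaps the datacenter net, it cannot be routed behind a separate LAN interface and bridging is the only option. With a consistent plan the VMs keep their public addresses end to end, so the pfSense outbound NAT must exclude the routed subnet rather than translate it.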