Multiple Subnets on Same port…
-
Hi everyone,
I don't think this is possible but I'm hoping there may be a way. I'm getting ready to add a PFsense box to our firewall. Currently we have one 20MBps line bursting to 100. However, we have two /27 subnets that come across the same line. Lets say they are…
192.168.0.160-191
10.0.0.160-191The gateway for both of these subnets is 161... Is there anyway to have both of these subnets on one port? I know I can use VIP to assign an IP from each subnet onto an interface. But I don't think there is any way to create multiple gateways on the same port.
So is this impossible like I think it is without adding a 3rd NIC or can it be done with 2?
Thanks a lot!!
-
You dont need to add multiple gateways.
If you send traffic on an interface with multiple IPs (VIPs) to a gateway, you can choose which IP should appear as source (via AoN rules).You can just use VIPs :)
-
I want to clarify to make 100% sure…
They have separate Gateways. But since they're plugged into the same address the receiving Router obviously has multiple IP addresses on one interface yes? So if it receives a packet with a source IP address on the same subnet it will be able to figure out which one it belongs to??
Since each subnet has it's own gateway do we need to set any gateway at all? This makes sense but confuses me at the same time.
If we only have one gateway set, that will work perfectly for whatever subnet the IP address we do set as gateway is from. But how will it work for the other subnet who's gateway isn't set...
-
Manual outbound nat is what you want to look at
-
I think i understand what your confusion is.
Yes for the additional subnet you will need to set a gateway. However since this is not possible via some interface-config page it's not obvious how to do it.
In such a case i would probably add another NIC to keep things separated.However if you're using 2.0, you can add additional gateways under "System" –> "Routing" --> "Gateways".
-
I am using 2.0… So I am allowed to set multiple gateways per interface on 2.0?? I just tested it and it appears so... However, last question. I know the gateway has to be within the subnet... So if there is a 2nd VIP set on the interface it will allow a gateway from that subnet as well??
Thanks so much everyone who responded. I really appreciate all you guys do for us! I've said it before... Your guys' hard work helps make me look good to my CEO so thank you much. I have your old book and am stoked for the 2.0 Book when it's done!!!
-
If you have carps, the best way(in my opinion) is to separate these gateways on pfsense.
If you can't enable another interface on pfsense, create some vlans on your switch and configure it on pfsense.If both of your links are internet links, this will be very hard to set two 'default' gateways on same interface.
att,
Marcello Coutinho
