How to put IP Aliases in LAN?

syedadi

I've 2 network in my enviroment:

1> 192.168.0.0/24
2> 192.168.2.0/24

my PfSense box is in 192.168.0.0/24 segment,my problems is, myBOX cannot see the second segment. how do i setting my LAN so that the LAN can join the second segment(192.268.2.0/24) with out putting any additional NIC?

This setting can be done, but i don't find it in the web configuration, the LAN only can have 1-IP

Nachtfalke

Hi,

not sure how this works in pfsense but I think there is an option "Virtual IP". I think this could help you (if you do not have/like tuj use VLANs)

syedadi

OK thanks 4 the info…i try..

syedadi

Can you show me step-by-step to this..I think i'm lost it…to much to configure i assume: :'(

This is the step i'v take:  ??? ??? ???

1. Firewall: Virtual IP Addresses
    >i put a IP Alias in LAN there with 192.168.2.0/24 network
2. Interfaces: Assign network ports
    >Interfaces: VLAN
      >> i put one IP fo VLAN at LAN interface with VLAN tag 1
3. Interfaces: Assign network ports
    >I put the new interface OPT1 (VLAN 1)
4. Interfaces: OPT1
    > i enable the interface
    > i put the new IP in the OPT1 with 192.168.2.222

I still can't ping any client in 192.168.2.0/24 network, help me please

Nachtfalke

Hi,

as I said in my previous post I do not know how this is working with pfsense.
Perhaps someone else can give you more advice or you will find some help in the forum when searching for "virtual IP".

Sorry but if I could I would help you!

wallabybob

Why don't you just change the network mask on all systems to 22 bits: 192.168.0.0/22 so that 192.168.0.0/24 and 192.168.2.0/24 are in the same network?

You haven't said you need any isolation between 192.168.0.0/24 and 192.168.2.0/24 so put them in the same network.

Nachtfalke

@wallabybob:

Why don't you just change the network mask on all systems to 22 bits: 192.168.0.0/22 so that 192.168.0.0/24 and 192.168.2.0/24 are in the same network?

You haven't said you need any isolation between 192.168.0.0/24 and 192.168.2.0/24 so put them in the same network.

This could work but just to make it clear:
There will NEVER be a kind of isolation from sight of security between the "subnets" because the pfsense will never be involved if traffic is only transferred on Layer 2.

syedadi

@Nachtfalke:

@wallabybob:

Why don't you just change the network mask on all systems to 22 bits: 192.168.0.0/22 so that 192.168.0.0/24 and 192.168.2.0/24 are in the same network?

You haven't said you need any isolation between 192.168.0.0/24 and 192.168.2.0/24 so put them in the same network.

This could work but just to make it clear:
There will NEVER be a kind of isolation from sight of security between the "subnets" because the pfsense will never be involved if traffic is only transferred on Layer 2.

Thanks,

But i can't do this, the reason my network have two isolated subnet because of the security, so changing the subnetmask is not piratical.

wallabybob

@syedadi:

the reason my network have two isolated subnet because of the security, so changing the subnetmask is not piratical.

You may find it helpful to read http://forum.pfsense.org/index.php/topic,39604.0.html

It is not a trivial task to provide real isolation between two subnets sharing the same ethernet segment.