Possible to have more than 2 IP's on single physical WAN int?

  • Is it possible to have for instance

    XXX.XXX.106.5 and XXX.XXX.106.2 attached to the same WAN interface.  Then have traffic coming to each IP address be routed out to different LAN networks using rules?

    Would I simply do this by creating a VLAN and attaching it to the WAN interface?

    I didnt want to attempt this on in production router w/ out a little guidance first.


  • If you're having these ip's from same router/modem then you don't need vlans
    you can use parp, carp(if every ip is in same subnet) or virtual ip.

    And I'm having uncontinous block of ip's in same interface

    And using CARP version of it. Goto check: Firewall:Virtual IP's

  • I found Virtual IP works great in 2.0 for having the router reply to multiple public IP addresses, then 1:1 Nat them inside as needed.

    However, my question is (in preperation for when I get the following i know what i'm doing):
    Can I use Virtual IPs when the subnets are different, and have different default gateways?

    Currently I have x.x.x.201-205 (so subnet of or /29) Default gateway is on x.x.x.206
    I will get another block of y.y.y.97-109 (subnet of /28) where the default gw is y.y.y.110.

    When I add a virtual IP for the new "y" network, how do I tell pfSense what it's default gw should be?  Do I just add a static routes page (or do I use the "gateway" section?)

    Thanks for any help / guidance so that I don't have to worry about how to setup the above once I get the new block (i can just do it).

  • Either proxy arp or virtual-ip can be used. That is said here many many times

  • @Metu69salemi:

    Either proxy arp or virtual-ip can be used. That is said here many many times

    Thanks. But I know it says you can use those two VIP when the subnet is not the same, but I can not find anywhere that it talks about how to set the default route when you use the IP (i.e. in my case for 1:1 NAT'ing).  When the internal machine goes out to the internet will it use the correct default route automatically (just by setting the Virtual IP)? or do I need to setup a rule so that the correct default router is used?

  • If you have only one gateway, then it can be done by manual outbound nat(Firewall:NAT)

Log in to reply