Multiple IPs on 1 WAN interface from different subnets



  • I'm currently facing a situation where I need to use 2 different public IP segments; this is because my ISP is not able to provide me contiguous addresses, so I have

    segment 1 - 95.x.x.1/29
    segment 2 - 96.x.x.1/29

    I need to use all 12 IP addresses from my pfsense box, but I only have 1 WAN interface, since it is only one internet connection but multiple public IPs assigned to it.

    Is it possible to use both segments on my pfsense 2.0, just adding "IP alias"? Both segments obviously have different gateway addresses.

    Thanks in advance!



  • Works with my cable system here…



  • You can use alias just on same network/mask.

    You will need two wans for this setup.

    If your provider has only one router with two subnets, ask them to set up routes lan interface with tagged vlans for each network.

    Then repeat this setup on switch and pfsense.



  • @marcelloc:

    You can use alias just on same network/mask.

    You will need two wans for this setup.

    If your provider has only one router with two subnets, ask them to set up routes lan interface with tagged vlans for each network.

    Then repeat this setup on switch and pfsense.

    That's exactly what I was suspecting :), I'm working with my provider now to find the best solution to it.

    Just a quick question: I've never configured vlans with any pfsense before. Do I need to create sub-interfaces under WAN interface, and assign them to each Vlan, correct?

    Thanks for the help!!



  • First assign vlans and then create opt1, opt2, etc. using created vlans



  • I got my two VLANs created at pfsense and 2 OPT interfaces assigned to them, but my physical WAN interface is still active and configured with one of the IPs from those vlans. Should I remove all IP configuration from WAN interface and only configure my two OPT interfaces, or how should it be handled?

    Thanks again for your assistance!



  • While using vlans, all networks on interface must be tagged.

    BACKUP YOUR CONFIG and then change wan interface for one of your vlans.

    Be careful while changing it and reboot when done (just in case) ;)


  • Rebel Alliance Developer Netgate

    Not sure why you'd need VLANs for that, in most cases it works fine with just IP Alias VIPs on a single WAN.

    This is especially true if both subnets are being handed off to you via the same device, as the MAC address for the gateway in both cases is likely the same, so it doesn't care if you direct the packets at the "wrong" gateway for the subnet because it goes to the same MAC address either way.

    Before you go setting up interfaces/vlans/etc, give the aliases method a try.

    Routing is the best though, if your ISP can route your second subnet to your firewall's IP address in the first subnet, then you can really use all of the IPs in that segment and don't lose one to their side using a gateway IP that isn't really needed.

    Some ISPs refuse to do the routing though but it still works with IP aliases, or in extreme cases you could use bridging to directly assign IPs from the public segments "behind" the firewall.



  • Sorry for piling on an old thread (is it more appropriate to start a new one?) but I have a (somewhat) similar situation and jimp's post gives me hope.

    I have a PON from a local ISP. Originally we were assigned a single /28 subnet as follows:

    Usable IPs: X.X.X.225 – X.X.X.237
    Subnet Mask: 255.255.255.240
    Gateway: X.X.X.238

    A while back due to a unique setup I was trying to work around I had them split that range up into two /29 subnets as follows:

    Usable IP Range: X.X.X.225 – X.X.X.229
    Subnet Mask: 255.255.255.248
    Gateway: X.X.X.230
    --------------------
    Usable IP Range: X.X.X.233 – X.X.X.237
    Subnet Mask: 255.255.255.248
    Gateway: X.X.X.238

    Now that I'm going with pfsense, I would like it to handle the routing for the entire IP range. I have asked the ISP to recombine the two subnets back into one to make things easier (as well as gain back a few usable IPs) but they are dragging their feet (under new ownership). I still have some hope I can persuade them to do it, but in the worst case scenario I would have to keep things the way they are now, with the two /29 subnets.

    As jimp said, both of these subnets come off the same physical device (so the gateway of both subnets maps to the same hardware address). So with that in mind, how would I set this up properly in pfsense 2.1? Do I need to set up both gateways on the interface? Or can I just "pretend" (as far as pfsense is concerned) that it's still just one big /28 subnet and send everything out the X.X.X.238 gateway?

    Much appreciate any guidance here. I would really prefer to not have to deal with VLANs for this. I'm going to keep trying to get the ISP to play ball but I need to prepare for the possibility of having to keep the two /29 subnets.

    Thanks!
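The address arithmetic behind the /28 versus two-/29 layouts in the last post, as an added example that is not part of the original thread: it lists which addresses are assignable under each layout and classifies a planned alias address against the ISP's segments. The 203.0.113.224 prefix is a constructed documentation range standing in for the masked X.X.X values, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the masked X.X.X.224 range: (segment, ISP gateway)
SINGLE = [("203.0.113.224/28", "203.0.113.238")]
SPLIT = [("203.0.113.224/29", "203.0.113.230"),
         ("203.0.113.232/29", "203.0.113.238")]

def usable_addresses(segments):
    """Host addresses the customer can assign: all hosts minus each gateway."""
    usable = []
    for cidr, gateway in segments:
        net = ipaddress.ip_network(cidr)
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            raise ValueError(f"gateway {gw} is not inside {net}")
        usable.extend(h for h in net.hosts() if h != gw)
    return usable

def lost_by_split(single, split):
    """Addresses assignable in the single-subnet layout but not after the split."""
    return sorted(set(usable_addresses(single)) - set(usable_addresses(split)))

def check_vip(vip, segments):
    """Classify a planned alias address; returns (status, prefix length)."""
    addr = ipaddress.ip_address(vip)
    for cidr, gateway in segments:
        net = ipaddress.ip_network(cidr)
        if addr not in net:
            continue
        if addr == net.network_address:
            return ("network address", net.prefixlen)
        if addr == net.broadcast_address:
            return ("broadcast address", net.prefixlen)
        if addr == ipaddress.ip_address(gateway):
            return ("ISP gateway", net.prefixlen)
        return ("usable", net.prefixlen)
    return ("outside all segments", None)

if __name__ == "__main__":
    print("single /28 usable:", len(usable_addresses(SINGLE)))
    print("two /29s usable:  ", len(usable_addresses(SPLIT)))
    print("lost by the split:", [str(a) for a in lost_by_split(SINGLE, SPLIT)])
    for vip in ("203.0.113.229", "203.0.113.231", "203.0.113.240"):
        print(vip, "->", check_vip(vip, SPLIT))
```
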

