Use 2 pfSense to have more than one public address?
Guldil last edited by
Here's my goal:
I have one site with pfsense 2.0.1; it uses a WAN with dynamic IP and I have to open 2 websites with SSL (IIS 7.5 & Exchange 2010).
I have some VMware ESX in a datacenter with public RIPE available, and I have a working pfsense there too.
Is it possible to redirect traffic from my pfsense "vmware" to my local pfsense?
I tried with an IPsec or GRE interface and it's not working…
Maybe it's not possible?
sash99 last edited by
When I had internal web servers a couple of years ago, I believe I used 1:1 NAT; it passed through to the pfsense behind 12 public IPs behind it.. but I had unusual masking from my provider. Our server had 13 public IPs; the pfsense had x.x.x.66/30 and a gateway, x.x.x.65. The public IP range was x.x.x.81 - 94.. but I also had to configure pfsense in a different way than it allowed at that time.
Snippet of what I had to do at that time:
I had a Linux box at that time and was changing over to pfsense, and this is what I had to do to get it to work in pfsense.
linux routing table
XX.xx.XX.64 0.0.0.0 255.255.255.252 U 0 0 0 eth0
xx.xx.XX.80 0.0.0.0 255.255.255.240 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
virtual lan on eth1
and lan eth0 – (wan)
subnet mask 255.255.255.252
pfsense routing table
Destination Gateway Flags Refs Use Mtu Netif Expire
default xx.xx.xx.65 UGS 0 1427 1500 vr0
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0
172.16.0.0/24 link#1 UC 0 0 1500 xl0
172.16.0.73 6c:f0:49:42:64:2b UHLW 1 374 1500 xl0 1174
xx.xx.xx.64/30 link#2 UC 0 0 1500 vr0
xx.xx.xx.65 link#2 UHLW 1 68 1500 vr0
xx.xx.xx.66 00:0d:87:04:07:25 UHLW 1 51 16384 lo0
xx.xx.xx.80/28 link#7 UC 0 0 1500 vlan0
ifconfig re0 172.16.16.66/30 broadcast 172.16.16.255
This way, every time you restart... you reboot with the proper configurations.
Problem: after reconfiguration you may need to reboot so things are working properly.
When setting up your WAN, LAN or OPT within pfsense, set it to the basic (internet-capable setting or network, whatever your network priority is).
In this case, with the above example, it would be 172.16.16.66/24.. (since these special broadcast configurations in my case only allow multiple IPs to pass through pfsense -- but if I need the pass-through priority then I set it at 172.16.16.66/30, then these IPs will remain functional)
But I think this is not what you're asking. I think you have one public IP and are trying to divide it between two pfsense routers and several servers behind that. I think the only way you're going to get that to work is port forwarding .. and then using a domain service to give it user-friendly names.
Guldil last edited by
I don't know how to explain…
Just imagine one pfsense with 2 public WAN IPs and a PPTP server.
I have another site with a web server.
This web server connects to my pfsense with a PPTP client, and the traffic for port 80 of the second WAN IP is redirected to the PPTP client?
The PPTP server is just an example; it could be OpenVPN or a direct "tunnel" between the routers.