Use 2 PFSense to have more than one public adress ?

Guldil

Hi,

Here's my goal :

I have one site with pfsense 2.0.1, it's use WAN with Dynamic IP andi have to open 2 Websites with SSL (IIS 7.5 & Exchange 2010).
I have some vmware esx in a datacter with public RIPE available, and i have a working pfsense too.
Is this possible to redirect traffic from my pfsense "vmware" to my local pfsense ?
I tried with ipsec or gre interface and it's not working…

May be it's not possible ?

Thanks

Guldil

sash99

when I had  internal web servers couple years ago i believe I used 1:1 nat  it passed through to the pfsense behind 12 public ips behind it.. but I had  unusual masking from my provider. our server had 13 public ips the pfsense had  x.x.x.66/30 and a   gateway. x.x.x65  the public ips range was x.x.x.81 - 94.. but I also had to configure  pfsense in a different way than it  allowed at that time

snippet of what i had to do at that time
I had a linux  box at that time and was changing over to pfsense and what i had to do to get it to work in pfsense

linux routing table
XX.xx.XX.64   0.0.0.0         255.255.255.252 U     0      0        0 eth0
xx.xx.XX.80   0.0.0.0         255.255.255.240 U     0      0        0 eth1
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1

virtual lan on eth1
ip XX.XX.XX.81
subnet 255.255.255.240
broadcast xx.xx.xx.95

and  lan eth0 – (wan)
ip xx.xx.XX.66
subnet mask 255.255.255.252
broadcast xx.xx.xx.255

pfsense routing table
IPv4
Destination    Gateway    Flags    Refs    Use    Mtu    Netif    Expire
default    xx.xx.xx.65    UGS    0    1427    1500    vr0    
127.0.0.1    127.0.0.1    UH    0    0    16384    lo0    
172.16.0.0/24    link#1    UC    0    0    1500    xl0    
172.16.0.73    6c:f0:49:42:64:2b    UHLW    1    374    1500    xl0    1174
xx.xx.xx.64/30    link#2    UC    0    0    1500    vr0    
xx.xx.xx.65    link#2    UHLW    1    68    1500    vr0    
xx.xx.xx.66    00:0d:87:04:07:25    UHLW    1    51    16384    lo0    
xx.xx.xx.80/28    link#7    UC    0    0    1500    vlan0

example :
ifconfig re0 172.16.16.66/30 broadcast 172.16.16.255
this way every time you restart... you reboot with the proper configurations.
problem after reconfiguration you may need to reboot so things are working properly. (
when setting up your wan,lan or opt within pfsense  set it to the basic ( internet capable setting or network what ever your network priority is)
in this case with the above example it would be 172.16.16.66/24.. ( since these special broadcast configuration in my case only allow multiple ip pass through pfsense--  but if I need the pass through priority then I set it at 172.16.16.66/30 then  these ips  will remain functional )

but I think this is not what your asking  i think you have one public IP and trying to divide between two pfsense routers  and several servers behind that. I think the only way your going to get that work is port forwarding .. and then using domain service to give it user friendly names

Guldil

I don't know how to explain…

Just imagine one pfsense with 2 Public WAN IP and PPTP Server.
I have another site with a WebServer.
This Webserver connect to my pfsense with PPTP Client and the traffic for port 80 of the second WAN IP is redirected to the PPTP Client ?

PPTP Server is just an example, it could be OpenVPN or a direct "tunnel" between the router.