Use 2 pfSense to have more than one public address?



  • Hi,

    Here's my goal :

    I have one site with pfsense 2.0.1. It uses WAN with a dynamic IP, and I have to open 2 websites with SSL (IIS 7.5 & Exchange 2010).
    I have some VMware ESX in a datacenter with public RIPE available, and I have a working pfsense there too.
    Is it possible to redirect traffic from my pfsense "vmware" to my local pfsense?
    I tried with an IPsec or GRE interface and it's not working…

    Maybe it's not possible?

    Thanks

    Guldil



  • When I had internal web servers a couple of years ago, I believe I used 1:1 NAT; it passed through to the pfsense behind 12 public IPs behind it. But I had unusual masking from my provider. Our server had 13 public IPs; the pfsense had x.x.x.66/30 and a gateway, x.x.x.65. The public IP range was x.x.x.81 - 94. But I also had to configure pfsense in a different way than it allowed at that time.

    Snippet of what I had to do at that time:
    I had a Linux box at that time and was changing over to pfsense, and this is what I had to do to get it to work in pfsense.

    linux routing table
    XX.xx.XX.64   0.0.0.0         255.255.255.252 U     0      0        0 eth0
    xx.xx.XX.80   0.0.0.0         255.255.255.240 U     0      0        0 eth1
    172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1

    virtual lan on eth1
    ip XX.XX.XX.81
    subnet 255.255.255.240
    broadcast xx.xx.xx.95

    and lan eth0 (wan)
    ip xx.xx.XX.66
    subnet mask 255.255.255.252
    broadcast xx.xx.xx.255

    pfsense routing table
    IPv4
    Destination    Gateway    Flags    Refs    Use    Mtu    Netif    Expire
    default    xx.xx.xx.65    UGS    0    1427    1500    vr0    
    127.0.0.1    127.0.0.1    UH    0    0    16384    lo0    
    172.16.0.0/24    link#1    UC    0    0    1500    xl0    
    172.16.0.73    6c:f0:49:42:64:2b    UHLW    1    374    1500    xl0    1174
    xx.xx.xx.64/30    link#2    UC    0    0    1500    vr0    
    xx.xx.xx.65    link#2    UHLW    1    68    1500    vr0    
    xx.xx.xx.66    00:0d:87:04:07:25    UHLW    1    51    16384    lo0    
    xx.xx.xx.80/28    link#7    UC    0    0    1500    vlan0

    example :
    ifconfig re0 172.16.16.66/30 broadcast 172.16.16.255
    This way, every time you restart, you reboot with the proper configuration.
    Problem: after reconfiguration you may need to reboot so things work properly.
    When setting up your WAN, LAN or OPT within pfsense, set it to the basic (internet-capable setting or network, whatever your network priority is).
    In this case, with the above example, it would be 172.16.16.66/24 (since this special broadcast configuration in my case only allows multiple IPs to pass through pfsense; but if I need the pass-through priority then I set it at 172.16.16.66/30, and then these IPs will remain functional).

    But I think this is not what you're asking. I think you have one public IP and are trying to divide it between two pfsense routers and several servers behind that. I think the only way you're going to get that to work is port forwarding, and then using a domain service to give it user-friendly names.



  • I don't know how to explain…

    Just imagine one pfsense with 2 Public WAN IP and PPTP Server.
    I have another site with a WebServer.
    This Webserver connects to my pfsense with a PPTP Client, and the traffic for port 80 of the second WAN IP is redirected to the PPTP Client?

    PPTP Server is just an example; it could be OpenVPN or a direct "tunnel" between the routers.

