Netgate Discussion Forum

    Three Public IP Ranges to NAT - one with gateway, two without

    HA/CARP/VIPs
      mevans336

      Hello Everyone,

      We are running pfSense 2.0.1 at both ends. In datacenter1, my pfSense device has 4 physical interfaces and is running HA. In datacenter2, my pfSense device has 2 physical interfaces and has not been installed yet.

      I am focusing on datacenter2 in this post.

      Our facility is providing us BGP address failover between our two datacenters.

      In each datacenter, we have a /30 that will become our "WAN" and it has a gateway of our provider's BGP device. It was explained to me that their device will "NAT" to the /27 and /28 mentioned and forward all ports/traffic to/from those two ranges.

      In datacenter2, our current /28 will become a standard range without a defined gateway. We have a /27 in our primary datacenter (datacenter1) that will swing back and forth, also with no defined gateway.

      My question is, if I configure the default WAN interface with the /30, will I be able to keep NAT functionality if I want to use a /24 private address range on the LAN side?

      If so, how should I configure the /28 and /27 on the WAN side, as virtual IPs bound to the WAN interface? If so, which type should I use? (http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)

      As a bonus, if I configure the /27 and /28 as VIPs, would someone explain how pfSense knows to use the /30 as the gateway?

      Here is an example of what I am thinking I need to configure:

      WAN: 10.0.0.216/30 (Gateway of 10.0.0.217, WAN IP assignment of 10.0.0.218)
      WAN-VIP1: 10.0.2.0/28 (Configured as IP Alias on WAN interface)
      WAN-BGP: 10.0.3.0/27 (Configured as IP Alias on WAN interface)
      LAN - 192.168.1.1/24

      All the WAN blocks mentioned above are valid public IP address ranges in the 68.x.x.x and 72.x.x.x networks.

      Thank you for any guidance you can provide.

      Cheers,

      Matt

        mevans336

        Scratch this topic. My co-lo provider was handing BGP to us incorrectly. They've since configured it to hand off to us correctly, so I am no longer confused.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.