2 - WAN and 2 - LAN



  • I have an interesting dilemma.  I run a business out of my house with two servers that share one public IP.  Because I am using residential Internet service, I cannot reliably send email from my Outlook client or my mail server.  This is because my ISP (CableVision/Optimum) voluntarily asked Spamhaus to list all of their residential dynamic IP addresses as possible sources of spam (127.0.0.10).  So my alternative is to get business Internet service instead.  That's the sob story, now on to the technical stuff.

    I have a pfSense 2.0.1 router (2.0.1-RELEASE (amd64) built on Mon Dec 12 18:16:13 EST 2011 FreeBSD 8.1-RELEASE-p6) and have been using pfSense for quite some time.  So I am not a newbie, but I am also not a networking rocket scientist.

    My current network looks like this:

    ```
              Cable Modem (DHCP)
                      |
                      |
                pfSense Router
                      |
                 _____|_____
                |           |
              vLAN1       vLAN2
             10.0.1.x    10.0.2.x
    ```
    
    With the arrival of business Internet service the layout will look like this:
    
    
    ```
      Cable Modem (Static)     Cable Modem (DHCP)
              |                        |
              |________________________|
                          |
                    pfSense Router
                          |
                     _____|_____
                    |           |
                  vLAN1       vLAN2
                 10.0.1.x    10.0.2.x
    ```
    
    
    The new cable modem comes with 5 static IPs; I assume they'll all be in sequence in the same subnet.  Each WAN connection and each LAN connection has a physical NIC.
    
    I don't need anything crazy set up, but I need someone to validate some of my assumptions below.
    
    I am going to consolidate all of the "home" stuff onto the 10.0.1.x/vLAN1 network and route that through the DHCP cable modem which is the legacy residential Internet connection.  I will probably route between vLAN1/vLAN2 like I have set up right now.  The 10.0.2.x/vLAN2 will be my "business" network and use the Static IPs and route through that cable modem.  No need for failover, load balancing and such because it's the same ISP, and my business stuff will stop working on the "home" Internet connection.
    
    I am not familiar with managing multiple static IP addresses on the same NIC.  The pfSense box is a dedicated PC and I will be adding a fourth NIC for the new WAN connection, but I was wondering if I need to add another physical NIC (a fifth one) to use another static IP?  I can get away with using one static IP address because I've been using DYNDNS without any issues for quite some time.  However, I also have an ESXi box running now and may want the ability to use the other four static IP addresses if the need (or excuse) arises.  I've been reading the forums and think 1:1 NAT might be what I need to do, but I've never used it and the documentation is sparse.  If it is what I need to use, a more thorough explanation of how to set it up properly would help.
    
    Once I get everything all set up, I will reply back to my own thread with screen shots and some explanations of how I set this scenario up to contribute to the community.
    
    Thanks in advance!


  • There is no need to get another NIC to use the multiple Public IPs your ISP gave you.

    I have the exact same story on my home network. Although I am using gateway groups to use all available bandwidth.
    To use the static IPs I created an Alias IP on the pfSense BUSINESSWAN NIC and 1:1 NATed it to the static internal IP of the server.
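
    The reply above describes the whole mechanism: an extra public address added as an IP Alias on the business WAN interface, a 1:1 NAT mapping from that alias to the server, and vLAN2 policy-routed out the business modem. As an added illustration (not the poster's configuration, and not anything pfSense generates verbatim), this is the same setup written as a plain pf ruleset of the kind pfSense builds from its GUI. Interface names, the 203.0.113.0/24 block (RFC 5737 documentation range), the gateway and the server address are all assumed values.

    ```pf
    # Assumed interface names; pfSense shows its own em*/igb* names on the Interfaces page
    res_wan  = "em0"     # residential WAN (DHCP)
    biz_wan  = "em1"     # business WAN (static block)
    lan_home = "em2"     # vLAN1, 10.0.1.0/24
    lan_biz  = "em3"     # vLAN2, 10.0.2.0/24

    # Assumed addresses from the business ISP (RFC 5737 documentation range)
    biz_gw      = "203.0.113.1"    # ISP gateway for the static block
    biz_alias   = "203.0.113.11"   # second public IP, added as an IP Alias on em1
    srv_biz     = "10.0.2.50"      # assumed mail/web server on vLAN2

    # 1:1 NAT: the server's traffic in both directions maps to the alias public IP.
    # This is what pfSense's Firewall > NAT > 1:1 entry becomes; the alias itself is
    # added on the NIC (Firewall > Virtual IPs > IP Alias), roughly
    #   ifconfig em1 alias 203.0.113.11 netmask 255.255.255.255
    binat on $biz_wan from $srv_biz to any -> $biz_alias

    # Ordinary outbound NAT for everything else, each LAN through its own modem
    nat on $res_wan from $lan_home:network to any -> ($res_wan)
    nat on $biz_wan from $lan_biz:network  to any -> ($biz_wan)

    # Policy routing: vLAN2 leaves via the business gateway regardless of the
    # system default route; traffic to the other VLAN (10.x) stays local
    pass in on $lan_biz route-to ($biz_wan $biz_gw) \
        from $lan_biz:network to ! 10.0.0.0/8 keep state

    # vLAN1 simply follows the default route out the residential modem
    pass in on $lan_home from $lan_home:network to any keep state

    # binat alone exposes nothing: inbound still needs explicit pass rules.
    # Translation happens before filtering, so rules match the internal address.
    # Open only the services actually published (assumed here: SMTP and HTTPS).
    block in on $biz_wan
    pass in on $biz_wan proto tcp from any to $srv_biz port { 25, 443 } \
        flags S/SA keep state
    ```

    After loading the rules (on pfSense, by applying the GUI changes), `pfctl -sn` lists the translation rules and should show the `binat` line, `pfctl -ss` shows live states with the alias address as the translated source, and `ifconfig em1` should list both the primary and the alias address. The `block in on $biz_wan` plus narrow `pass` rule is the part worth keeping even if the rest differs: a 1:1 mapping with a permissive WAN rule puts the whole server on the Internet, not just the services you meant to publish.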



  • Thanks, I did the exact same thing after I got everything configured.

    I had to incorporate some other voodoo because I was lazy and didn't move a server from one subnet to the other.  When I have time later this week I'm going to write out everything I did with screen shots for the benefit of other folks who need to do something similar.  Having a dual-WAN for home/office is probably more common than folks think, and using one router to leverage both deserves a FAQ or Wiki.

