Multiple IP on WAN Interface (Resolved)



  • I am pissed that our ISP is even doing this!  But now I need to find a solution! And quick, we only have 9 days left!

    Here are the details:

    Our ISP is restructuring their network and reassigning static IP addresses.  We now have the new IP.  The Old one is good for 10 days.  Then it expires!

    We have many services that use our old public IP, so we need to try and prevent downtime.  My question is how do we add the new IP to pfSense so that the WAN interface listens on both until we get our DNS entries updated and allow for DNS propagation?

    pfSense 1.0.1
    Old IP is single IP 68.xxx.xxx.xxx /26 mask
    New IP is single IP 72.xxx.xxx.xxx /24 mask

    I am sure the answer is simple, but I am a software developer and not a network guy.  And time is limited for this conversion.  Any help would be appreciated.



  • This should be relatively simple.  Create a 1:1 NAT mapping for the new IP address and re-create all your service allows.  If you're using more than one public-facing IP address, then you may want to consider adding a second WAN interface (adding another NIC to your box) and setting up dual WAN.  It really depends on how your network is currently operating.



  • "'you may want to consider adding a second WAN interface'?  This will not work.  Only have one modem for connecting upstream."

    A simple addition of a hub (or switch) will mitigate this problem rather nicely.

    "The 1:1 NAT looks to only solve part of the problem… it only provides the NAT'ing I need for the new IP to the services.  But it doesn't cover how I get the WAN Interface to listen on the new IP and the old one at the same time.  Do I need a Virtual IP?  If so, which is the best way to set this up?"

    This is what I'm telling you, leave your existing WAN configuration alone, and create a 1:1 NAT mapping to handle the traffic to the new IP address.  Both will work in conjunction with each other very nicely.

    Seeing as how you're not terribly comfortable with this, and because of your time crunch, I may also suggest that you check this out:
    http://www.centipedenetworks.com/products_support_pfsense.php



  • Short story:
    Binding multiple IPs to one NIC would solve another problem for me, so if anyone has a quick hack…

    Longer story:
    I'm working for an ISP and we attribute blocks of IPs for our clients' servers. We want to put a pfSense in front of our clients' machines without putting in 1 NIC per client in every firewall... I'm thinking of about 10 IPs per NIC...  IPs are not always in the same subnet.

    Should I start a new thread with this?



  • @Waps:

    Short story:
    Binding multiple IPs to one NIC would solve another problem for me, so if anyone has a quick hack…

    Longer story:
    I'm working for an ISP and we attribute blocks of IPs for our clients' servers. We want to put a pfSense in front of our clients' machines without putting in 1 NIC per client in every firewall... I'm thinking of about 10 IPs per NIC...  IPs are not always in the same subnet.

    Should I start a new thread with this?

    Search the forum for transparent bridging.



  • Now that I had time to work on this after hours when traffic is at a minimum, here is my solution.  It only took 5 minutes to configure and test.  All seems fine.

    1. Setup WAN Interface with the new public IP
    2. Created a ProxyARP VIP for Old Wan IP
    3. FW Rules don't need changing … nor do I need 1:1 mapping
    4. Downloaded current XML backup file
    5. Copy/pasted all my NAT rules in backup file for quick duplication
    6. Added this to each duplicate rule: <external-address>Old IP</external-address>
    7. Restored FW with updated XML file
    8. Tested a few of our services and sites which still have DNS with Old IP... all OK
    9. After the Old IP expires I just delete the VIP and duplicate NAT rules.

    I hope this helps someone with a similar issue.
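
Steps 5, 6 and 9 of the procedure above, scripted as an added example (not part of the original post and not pfSense tooling). Only `<external-address>` comes from the thread; the other element names in the constructed sample, the placeholder `OLD_IP` and the function names are assumptions. `summarize` lists which rules are pinned to the old address so the backup can be reviewed before it is restored.

```python
import copy
import xml.etree.ElementTree as ET

OLD_IP = "198.51.100.7"  # placeholder; substitute the expiring WAN address

# Constructed sample backup; every element name except <external-address> is assumed.
SAMPLE = """<pfsense><nat>
  <rule><protocol>tcp</protocol><external-port>443</external-port>
        <target>192.168.1.10</target><local-port>443</local-port>
        <interface>wan</interface><descr>https</descr></rule>
  <rule><protocol>tcp</protocol><external-port>25</external-port>
        <target>192.168.1.20</target><local-port>25</local-port>
        <interface>wan</interface><descr>smtp</descr></rule>
</nat></pfsense>"""

def _key(rule):
    # Identity of a rule, ignoring which external address it is pinned to.
    return tuple((c.tag, (c.text or "").strip()) for c in rule if c.tag != "external-address")

def duplicate_for_old_ip(root, old_ip):
    """Steps 5-6: copy each unpinned NAT rule and pin the copy to old_ip."""
    nat = root.find("nat")
    rules = nat.findall("rule")
    have = {_key(r) for r in rules if r.findtext("external-address") == old_ip}
    added = 0
    for rule in rules:
        if rule.find("external-address") is not None or _key(rule) in have:
            continue  # already pinned, or its old-IP twin exists (safe to re-run)
        dup = copy.deepcopy(rule)
        ET.SubElement(dup, "external-address").text = old_ip
        nat.append(dup)
        added += 1
    return added

def remove_old_ip_rules(root, old_ip):
    """Step 9: drop every rule pinned to old_ip once the address expires."""
    nat = root.find("nat")
    stale = [r for r in nat.findall("rule") if r.findtext("external-address") == old_ip]
    for rule in stale:
        nat.remove(rule)
    return len(stale)

def summarize(root):
    # (description, pinned address or None) per rule, for review before restoring.
    return [(r.findtext("descr"), r.findtext("external-address"))
            for r in root.find("nat").findall("rule")]

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print(duplicate_for_old_ip(root, OLD_IP), summarize(root))
```

Running the removal step after the old IP expires leaves no forwarding rules behind for an address the ISP may hand to someone else.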

