Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to generate static ip's on pfsense?

    General pfSense Questions
    2
    19
    3411
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      newserver last edited by

      Hi,
      Got four internet connections, all with static ip, all connected on pfsense load balancer.
      Pf sense gives ip to clients. All normal so far.I need to be able to give clients static ip.
      That means to have a certain client take internet only from one of any connection above and not random as per load balancer.
      Help please!!
      Thank you in advance for your help

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        Use policy routing to specify a gateway for each static LAN IP.

        http://doc.pfsense.org/index.php/What_is_policy_routing%3F

        Steve

        1 Reply Last reply Reply Quote 0
        • N
          newserver last edited by

          @stephenw10:

          Use policy routing to specify a gateway for each static LAN IP.

          http://doc.pfsense.org/index.php/What_is_policy_routing%3F

          Steve

          Thank you Steve. I try it several times.Maybe I do something wrong.
          I go Firewall/ rules.
          The which top tab I have to choose? Floating/WAN/LAN/OPT1/OPT2/OPT3 ?
          Thank you

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Say you have a client machine on LAN. You assign your client a static DHCP based on it's MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.

            You need to add a firewall rule on the LAN interface above the 'default allow all' rule:

            Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).

            Steve

            1 Reply Last reply Reply Quote 0
            • N
              newserver last edited by

              @stephenw10:

              Say you have a client machine on LAN. You assign your client a static DHCP based on it's MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.

              You need to add a firewall rule on the LAN interface above the 'default allow all' rule:

              Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).

              Steve

              That's what I did. But not sure on source, on type, what category I have to choose?
              After this when i do speed test on client machine, which will show me the external ip address, everytime I have a different external ip chosen random from 4 gateways I have.
              Nornally after aplying the rule it should show me only one gateway right? the one that i specify on the firewall rule.But doesn't. Something I do wrong on this rule!

              1 Reply Last reply Reply Quote 0
              • stephenw10
                stephenw10 Netgate Administrator last edited by

                Can you post screen shots of your rules?

                The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
                It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.

                Steve

                Edit: Here's an example.

                ![policy route rules.jpg](/public/imported_attachments/1/policy route rules.jpg)
                ![policy route rules.jpg_thumb](/public/imported_attachments/1/policy route rules.jpg_thumb)

                1 Reply Last reply Reply Quote 0
                • N
                  newserver last edited by

                  @stephenw10:

                  Can you post screen shots of your rules?

                  The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
                  It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.

                  Steve

                  Edit: Here's an example.

                  Here what I did so far. I tried it on different ip.

                  ![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)
                  ![firewall rules.jpg_thumb](/public/imported_attachments/1/firewall rules.jpg_thumb)



                  1 Reply Last reply Reply Quote 0
                  • stephenw10
                    stephenw10 Netgate Administrator last edited by

                    Your screen shots are too small, I can't really read anything from them.
                    However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • N
                      newserver last edited by

                      @stephenw10:

                      Your screen shots are too small, I can't really read anything from them.
                      However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

                      Steve

                      Sorry Steve. i will resend one by one


                      1 Reply Last reply Reply Quote 0
                      • N
                        newserver last edited by

                        @stephenw10:

                        Your screen shots are too small, I can't really read anything from them.
                        However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

                        Steve

                        part2


                        1 Reply Last reply Reply Quote 0
                        • N
                          newserver last edited by

                          @stephenw10:

                          Your screen shots are too small, I can't really read anything from them.
                          However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

                          Steve

                          part 3

                          ![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)
                          ![firewall rules.jpg_thumb](/public/imported_attachments/1/firewall rules.jpg_thumb)

                          1 Reply Last reply Reply Quote 0
                          • N
                            newserver last edited by

                            @stephenw10:

                            Your screen shots are too small, I can't really read anything from them.
                            However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.

                            Steve

                            Theese TCP are just trials that I did. I can delete them all.
                            So you mean that I can have a such rule just once? only for one Ip?

                            1 Reply Last reply Reply Quote 0
                            • stephenw10
                              stephenw10 Netgate Administrator last edited by

                              @stephenw10:

                              you have one routed TCP connections

                              Sorry, that was a typo. I meant only routed TCP connections.
                              Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
                              Is that not happening?

                              Steve

                              Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

                              1 Reply Last reply Reply Quote 0
                              • N
                                newserver last edited by

                                @stephenw10:

                                @stephenw10:

                                you have one routed TCP connections

                                Sorry, that was a typo. I meant only routed TCP connections.
                                Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
                                Is that not happening?

                                Steve

                                Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

                                there is only one interface that is used for dhcp, and that is lan.
                                The static ip will be used for a cctv system/dvr so it can be accessed anywhere from internet. So is needed that the client to get always the same gateway.
                                Still when I do several speed test on client machine, I have different gateways coming up each time. Drives me crazy. Something is wrong there…

                                1 Reply Last reply Reply Quote 0
                                • stephenw10
                                  stephenw10 Netgate Administrator last edited by

                                  What speedtest are you using?
                                  Speedtest.net uses only http and hence tcp connections so should be good.
                                  Try changing the protocol to 'any' in your rules.

                                  Do you have any floating rules?

                                  If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
                                  All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    newserver last edited by

                                    @stephenw10:

                                    What speedtest are you using?
                                    Speedtest.net uses only http and hence tcp connections so should be good.
                                    Try changing the protocol to 'any' in your rules.

                                    Do you have any floating rules?

                                    If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
                                    All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.

                                    Steve

                                    I use also speedtest.net..
                                    No floating rules.
                                    I need only one gateway only for one specific client.If gateway changes for that client is not good for me.
                                    But still doesn't work.
                                    I need all 4 gateways for the rest of clients so I'll have to have them all connected.
                                    Drives me crazy this. Actually looks so simple, but it doesn't work! Somewhere we are wrong..

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10
                                      stephenw10 Netgate Administrator last edited by

                                      Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

                                      Did you understand what I said about outbound loadbalancing not affecting services from the internet?

                                      Have you set and manual outbound NAT rules?

                                      You never said why you are using 20.0.0.* for you LAN.  :-\

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • N
                                        newserver last edited by

                                        @stephenw10:

                                        Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

                                        Did you understand what I said about outbound loadbalancing not affecting services from the internet?

                                        Have you set and manual outbound NAT rules?

                                        You never said why you are using 20.0.0.* for you LAN.  :-\

                                        Steve

                                        Sorry Steve being a pain for you..
                                        Yes I use the server as a load-balancer.
                                        We are a small internet provider company.So we use it to loadbalance four static internet connections.
                                        I have some clients need static ip for accessing their CCTV system from internet. For this I need a static ip for each
                                        one of them. I don't know if there is a way around it.
                                        I am not an expert on pfsense so excuse if I may not understand some of your questions.
                                        Thank you anyway for your ongoing help..
                                        NAT outbound is set as automatic.

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10
                                          stephenw10 Netgate Administrator last edited by

                                          Hmm, I don't know why that isn't working. I use an almost identical setup at home and it works no problem. Did you change the protocol to 'any'?

                                          How do you have external access setup to the CCTV system?
                                          You would normally use port-forwarding on one WAN to do it. In that situation The URL on which external clients connect to the CCTV box will only ever point to one WAN. It should not make any difference to external clients even if you can't use policy based routing.

                                          And the reason you're using 20.0.0.* is…..?

                                          Steve

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post