Netgate Discussion Forum

    How to generate static ip's on pfsense?

    General pfSense Questions
    19 Posts 2 Posters 4.5k Views
      newserver

      Hi,
      Got four internet connections, all with static IP, all connected on the pfSense load balancer.
      pfSense gives IPs to clients. All normal so far. I need to be able to give clients a static IP.
      That means having a certain client take internet only from one of the connections above and not at random as per the load balancer.
      Help please!!
      Thank you in advance for your help

        stephenw10 Netgate Administrator

        Use policy routing to specify a gateway for each static LAN IP.

        http://doc.pfsense.org/index.php/What_is_policy_routing%3F

        Steve

          newserver

          @stephenw10:

          Use policy routing to specify a gateway for each static LAN IP.

          http://doc.pfsense.org/index.php/What_is_policy_routing%3F

          Steve

          Thank you Steve. I tried it several times. Maybe I am doing something wrong.
          I go to Firewall / Rules.
          Then which top tab do I have to choose? Floating/WAN/LAN/OPT1/OPT2/OPT3?
          Thank you

            stephenw10 Netgate Administrator

            Say you have a client machine on LAN. You assign your client a static DHCP based on its MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.

            You need to add a firewall rule on the LAN interface above the 'default allow all' rule:

            Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).

            Steve

              newserver

              @stephenw10:

              Say you have a client machine on LAN. You assign your client a static DHCP based on its MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.

              You need to add a firewall rule on the LAN interface above the 'default allow all' rule:

              Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).

              Steve

              That's what I did. But I'm not sure on source, on type, what category do I have to choose?
              After this, when I do a speed test on the client machine, which shows me the external IP address, every time I have a different external IP chosen at random from the 4 gateways I have.
              Normally after applying the rule it should show me only one gateway, right? The one that I specify in the firewall rule. But it doesn't. I am doing something wrong in this rule!

                stephenw10 Netgate Administrator

                Can you post screen shots of your rules?

                The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
                It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.

                Steve

                Edit: Here's an example.

                ![policy route rules.jpg](/public/imported_attachments/1/policy route rules.jpg)

                  newserver

                  @stephenw10:

                  Can you post screen shots of your rules?

                  The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
                  It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.

                  Steve

                  Edit: Here's an example.

                  Here is what I did so far. I tried it on a different IP.

                  ![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)
                  rulepart1.jpg
                  rulepart2.jpg

                    stephenw10 Netgate Administrator

                    Your screen shots are too small, I can't really read anything from them.
                    However I can just barely see that you have one routed TCP connections. Any other protocol will not be caught by those rules and will hit the load balancer.

                    Steve

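Added example, not part of the original thread and not pfSense's own code: a simplified model of top-to-bottom, first-match rule evaluation on the LAN tab. It shows why a TCP-only policy-routing rule lets other protocols fall through to the load-balancing rule, and why the per-host rule has to sit above the catch-all. The `Rule` and `route` helpers and the gateway names `WAN2_GW` and `LB_GROUP` are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    source: str    # CIDR, or "any"
    protocol: str  # "tcp", "udp", "icmp", or "any"
    gateway: str   # gateway (or gateway group) used when the rule matches

    def matches(self, src: str, proto: str) -> bool:
        src_ok = self.source == "any" or ip_address(src) in ip_network(self.source)
        return src_ok and self.protocol in ("any", proto)


def route(rules, src, proto):
    """Return the gateway of the first matching rule, evaluated top to bottom."""
    for rule in rules:
        if rule.matches(src, proto):
            return rule.gateway
    return None  # no pass rule matched, so the traffic is not passed at all


# Constructed rule sets. WAN2_GW is the pinned gateway, LB_GROUP the balancer.
LB = Rule("any", "any", "LB_GROUP")
TCP_ONLY = [Rule("192.168.1.50/32", "tcp", "WAN2_GW"), LB]
ANY_PROTO = [Rule("192.168.1.50/32", "any", "WAN2_GW"), LB]
WRONG_ORDER = [LB, Rule("192.168.1.50/32", "any", "WAN2_GW")]


def report(src="192.168.1.50"):
    """Gateway chosen per protocol for each constructed rule set."""
    sets = {"tcp_only": TCP_ONLY, "any_proto": ANY_PROTO, "wrong_order": WRONG_ORDER}
    return {
        name: {p: route(rules, src, p) for p in ("tcp", "udp", "icmp")}
        for name, rules in sets.items()
    }


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:12} {result}")
```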
                      newserver

                      @stephenw10:

                      Your screen shots are too small, I can't really read anything from them.
                      However I can just barely see that you have one routed TCP connections. Any other protocol will not be caught by those rules and will hit the load balancer.

                      Steve

                      Sorry Steve. I will resend them one by one.

                      rule1.jpg

                        newserver

                        @stephenw10:

                        Your screen shots are too small, I can't really read anything from them.
                        However I can just barely see that you have one routed TCP connections. Any other protocol will not be caught by those rules and will hit the load balancer.

                        Steve

                        part2

                        rule2.jpg

                          newserver

                          @stephenw10:

                          Your screen shots are too small, I can't really read anything from them.
                          However I can just barely see that you have one routed TCP connections. Any other protocol will not be caught by those rules and will hit the load balancer.

                          Steve

                          part 3

                          ![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)

                            newserver

                            @stephenw10:

                            Your screen shots are too small, I can't really read anything from them.
                            However I can just barely see that you have one routed TCP connections. Any other protocol will not be caught by those rules and will hit the load balancer.

                            Steve

                            These TCP are just trials that I did. I can delete them all.
                            So you mean that I can have such a rule just once? Only for one IP?

                              stephenw10 Netgate Administrator

                              @stephenw10:

                              you have one routed TCP connections

                              Sorry, that was a typo. I meant only routed TCP connections.
                              Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
                              Is that not happening?

                              Steve

                              Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

                                newserver

                                @stephenw10:

                                @stephenw10:

                                you have one routed TCP connections

                                Sorry, that was a typo. I meant only routed TCP connections.
                                Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
                                Is that not happening?

                                Steve

                                Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.

                                There is only one interface that is used for DHCP, and that is LAN.
                                The static IP will be used for a CCTV system/DVR so it can be accessed from anywhere on the internet. So the client needs to always get the same gateway.
                                Still, when I do several speed tests on the client machine, I have different gateways coming up each time. Drives me crazy. Something is wrong there…

                                  stephenw10 Netgate Administrator

                                  What speedtest are you using?
                                  Speedtest.net uses only http and hence tcp connections so should be good.
                                  Try changing the protocol to 'any' in your rules.

                                  Do you have any floating rules?

                                  If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
                                  All external clients will only come in via a single gateway and the replies will always go out via the same gateway since the connection is already in place.

                                  Steve

                                    newserver

                                    @stephenw10:

                                    What speedtest are you using?
                                    Speedtest.net uses only http and hence tcp connections so should be good.
                                    Try changing the protocol to 'any' in your rules.

                                    Do you have any floating rules?

                                    If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
                                    All external clients will only come in via a single gateway and the replies will always go out via the same gateway since the connection is already in place.

                                    Steve

                                    I also use speedtest.net.
                                    No floating rules.
                                    I need only one gateway, only for one specific client. If the gateway changes for that client, it is not good for me.
                                    But it still doesn't work.
                                    I need all 4 gateways for the rest of the clients so I'll have to have them all connected.
                                    This drives me crazy. It actually looks so simple, but it doesn't work! Somewhere we are wrong.

                                      stephenw10 Netgate Administrator

                                      Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

                                      Did you understand what I said about outbound loadbalancing not affecting services from the internet?

                                      Have you set any manual outbound NAT rules?

                                      You never said why you are using 20.0.0.* for your LAN.  :-\

                                      Steve

                                        newserver

                                        @stephenw10:

                                        Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.

                                        Did you understand what I said about outbound loadbalancing not affecting services from the internet?

                                        Have you set any manual outbound NAT rules?

                                        You never said why you are using 20.0.0.* for your LAN.  :-\

                                        Steve

                                        Sorry Steve for being a pain for you.
                                        Yes, I use the server as a load balancer.
                                        We are a small internet provider company. So we use it to load-balance four static internet connections.
                                        I have some clients who need a static IP for accessing their CCTV system from the internet. For this I need a static IP for each one of them. I don't know if there is a way around it.
                                        I am not an expert on pfSense so excuse me if I do not understand some of your questions.
                                        Thank you anyway for your ongoing help.
                                        NAT outbound is set as automatic.

                                          stephenw10 Netgate Administrator

                                          Hmm, I don't know why that isn't working. I use an almost identical setup at home and it works no problem. Did you change the protocol to 'any'?

                                          How do you have external access set up to the CCTV system?
                                          You would normally use port-forwarding on one WAN to do it. In that situation the URL on which external clients connect to the CCTV box will only ever point to one WAN. It should not make any difference to external clients even if you can't use policy based routing.

                                          And the reason you're using 20.0.0.* is…..?

                                          Steve
