How to generate static ip's on pfsense?
-
Hi,
Got four internet connections, all with static ip, all connected on pfsense load balancer.
Pf sense gives ip to clients. All normal so far.I need to be able to give clients static ip.
That means to have a certain client take internet only from one of any connection above and not random as per load balancer.
Help please!!
Thank you in advance for your help -
Use policy routing to specify a gateway for each static LAN IP.
http://doc.pfsense.org/index.php/What_is_policy_routing%3F
Steve
-
Use policy routing to specify a gateway for each static LAN IP.
http://doc.pfsense.org/index.php/What_is_policy_routing%3F
Steve
Thank you Steve. I try it several times.Maybe I do something wrong.
I go Firewall/ rules.
The which top tab I have to choose? Floating/WAN/LAN/OPT1/OPT2/OPT3 ?
Thank you -
Say you have a client machine on LAN. You assign your client a static DHCP based on it's MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.
You need to add a firewall rule on the LAN interface above the 'default allow all' rule:
Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).
Steve
-
Say you have a client machine on LAN. You assign your client a static DHCP based on it's MAC, say, 192.168.1.50. This assumes your LAN interface is still on 192.168.1.1/24.
You need to add a firewall rule on the LAN interface above the 'default allow all' rule:
Source: 192.168.1.50, Destination: any, Gateway: (whichever gateway you want).
Steve
That's what I did. But not sure on source, on type, what category I have to choose?
After this when i do speed test on client machine, which will show me the external ip address, everytime I have a different external ip chosen random from 4 gateways I have.
Nornally after aplying the rule it should show me only one gateway right? the one that i specify on the firewall rule.But doesn't. Something I do wrong on this rule! -
Can you post screen shots of your rules?
The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.Steve
Edit: Here's an example.
 -
Can you post screen shots of your rules?
The other sections of the rule should probably be left as 'any' unless you want to narrow down the range further.
It sounds like your rule is not catching the traffic for some reason and instead it's being caught by the load balancing rule further down the list.Steve
Edit: Here's an example.
Here what I did so far. I tried it on different ip.
-
Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.Steve
-
Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.Steve
Sorry Steve. i will resend one by one
-
Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.Steve
part2
-
Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.Steve
part 3
 -
Your screen shots are too small, I can't really read anything from them.
However I can just barely see that you have one routed TCP connections. Anyother protocol will not be caugh by those rules and will hit the load balancer.Steve
Theese TCP are just trials that I did. I can delete them all.
So you mean that I can have a such rule just once? only for one Ip? -
you have one routed TCP connections
Sorry, that was a typo. I meant only routed TCP connections.
Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
Is that not happening?Steve
Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.
-
you have one routed TCP connections
Sorry, that was a typo. I meant only routed TCP connections.
Your firewall rules look correct. Assuming they are on the correct interface they should be routing those IPs via the specified gateway.
Is that not happening?Steve
Edit: One thing that looks a bit odd is that you are using 20.0.0.* for your LAN. This is not private address space but you seem to be using it as such.
there is only one interface that is used for dhcp, and that is lan.
The static ip will be used for a cctv system/dvr so it can be accessed anywhere from internet. So is needed that the client to get always the same gateway.
Still when I do several speed test on client machine, I have different gateways coming up each time. Drives me crazy. Something is wrong there… -
What speedtest are you using?
Speedtest.net uses only http and hence tcp connections so should be good.
Try changing the protocol to 'any' in your rules.Do you have any floating rules?
If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.Steve
-
What speedtest are you using?
Speedtest.net uses only http and hence tcp connections so should be good.
Try changing the protocol to 'any' in your rules.Do you have any floating rules?
If you need it to use only one gateway only because you want it to be accessible from the internet then it doesn't matter.
All external clients will only come in via a single gateway and the replies will always go out via the same gatway since the connection is already in place.Steve
I use also speedtest.net..
No floating rules.
I need only one gateway only for one specific client.If gateway changes for that client is not good for me.
But still doesn't work.
I need all 4 gateways for the rest of clients so I'll have to have them all connected.
Drives me crazy this. Actually looks so simple, but it doesn't work! Somewhere we are wrong.. -
Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.
Did you understand what I said about outbound loadbalancing not affecting services from the internet?
Have you set and manual outbound NAT rules?
You never said why you are using 20.0.0.* for you LAN. :-\
Steve
-
Just to be sure are you talking about outbound loadbalancing? Reading back through the thread it's unclear.
Did you understand what I said about outbound loadbalancing not affecting services from the internet?
Have you set and manual outbound NAT rules?
You never said why you are using 20.0.0.* for you LAN. :-\
Steve
Sorry Steve being a pain for you..
Yes I use the server as a load-balancer.
We are a small internet provider company.So we use it to loadbalance four static internet connections.
I have some clients need static ip for accessing their CCTV system from internet. For this I need a static ip for each
one of them. I don't know if there is a way around it.
I am not an expert on pfsense so excuse if I may not understand some of your questions.
Thank you anyway for your ongoing help..
NAT outbound is set as automatic. -
Hmm, I don't know why that isn't working. I use an almost identical setup at home and it works no problem. Did you change the protocol to 'any'?
How do you have external access setup to the CCTV system?
You would normally use port-forwarding on one WAN to do it. In that situation The URL on which external clients connect to the CCTV box will only ever point to one WAN. It should not make any difference to external clients even if you can't use policy based routing.And the reason you're using 20.0.0.* is…..?
Steve
