Netgate Discussion Forum

    Multiple WAN addresses

      jovball

      I am not sure if this is the correct forum but I'll start here. I am trying to set up pfsense for the first time with the goal of replacing a Cisco PIX box. I have several blocks of public IP addresses and am not sure how to configure the WAN/NAT for them.

      As an example, two blocks of public IP addresses: 111.xx.xx.33 to 111.xx.xx.38 and 111.xx.xx.57 to 111.xx.xx.62. Most of these addresses are going to websites with SSL. So 111.xx.xx.33 HTTP/S needs to go to 192.xx.xx.33 on the same ports.

      Any instructions would be appreciated.

        Smakodak

        Hi there

        I have an issue that is similar to the one mentioned above. It seems that I cannot make pfsense route.

        My test setup is as follows:

        1. Pfsense 1.2RC2 embedded on Soekris Net5501 acting as ISP:
          Lan: 192.168.1.1
          Wan: 83.xx.xxx.xx1/30

        2. Pfsense 1.0.1 live-cd-installer on a supermicro platform with two 100/1000 nics,
          with the following interfaces:
          Lan (nic 1) 192.168.1.1/30 - this will only be used for local management.
          Wan (nic 2) 83.xx.xxx.xx2/30 - gateway:  83.xx.xxx.xx1 (isp)
          Global Scope (vlan101 on nic 2) 87.xx.xxx.1/26
          Management (vlan4000 on nic 2) 172.xx.x.x/16

        3. Pfsense 1.0.1 live-cd-installer on a supermicro platform with two 100/1000 nics,
          with the following interfaces:
          Lan (nic 1) 192.168.1.1/30 - this will only be used for local management.
          Wan (vlan101 on nic 2) 87.xx.xxx.8/26  –  gateway: 87.xx.xxx.1
          Lan1 (vlan3 on nic 2) 10.3.x.x/22
          Lan2 (vlan5 on nic 2) 10.5.x.x/22

        4. PC acting as client. Connected to Lan1.

        Everything is hooked up to an L3 switch, and I’m almost home free, except for one thing.
        When pinging “1/Wan” from “2/Global Scope”, I get NO response.
        When pinging “1/Wan” from “2/Wan/Lan/Management”, I get a response.
        When pinging “2/Wan” from “1/Wan/Lan”, I get a response.
        The “4/PC client” can reach “2/Wan”. The problem is only the routing of the Global Scope in/out of the “2/Wan”.
        On “2” I have enabled Advanced outbound NAT. I have created NAT rules for the Lan and Management interfaces, and firewall rules for every interface. Attached are screenshots of these settings.

        [Attached screenshots: image001.jpg to image005.jpg]

          GruensFroeschli

          You don't have an AON rule for your global scope.
          I don't think that you can route out the WAN without NAT.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.