5 WANS to a single Lan with some http/https servers on



  • Hello im new to pfsense. my isp gave me 5 dhcp ips. so i made 5 wan nic in my esxi server and i got 5 different ips.
    lets say
    Wan  ip 10.10.10.10
    Wan1 ip 10.10.10.11
    Wan2 ip 10.10.10.12
    Wan3 ip 10.10.10.13
    Wan4 ip 10.10.10.14

    and i have 5 https servers

    exchange 192.168.1.13
    webserver 192.168.1.11
    rd gateway 192.168.1.8
    and so on.

    i can only get the nic wan to work. what shall i do to get it working. tryed to make a nat for the other but no signal

    please help me.



  • im not even sure if i put it under the right thing



  • I think with so little information its hard for people to answer.  Basically, you said "I paid for 5 IPs.  What do I do now?"

    Question.  How many public IPs do you expect to reach your servers?



  • i have wan ips and i will like to get 1 to some of the servers and the ip´s are leased by mac adresse



  • What you want to do is straight forward and easy but might get long if you have no experience with multiple public IPs.



  • Take a look through this ongoing thread to see what I'm talking about.  This is still in process.

    http://forum.pfsense.org/index.php/topic,64899.30.html



  • hey sorry just saw you reply let just do it i think i can do it with you help



  • Whats ISP are you using?





  • i have locked these
    31/07-2013 15:49:58 00:0c:29:cf:01:94  to 95.166.xxx.xxx
    30/07-2013 15:50:35 00:0c:29:cf:01:b2  to 95.166.xxx.xxx
    30/07-2013 15:49:12 00:0c:29:cf:01:a8  to 95.166.xxx.xxx
    30/07-2013 15:49:11 00:0c:29:cf:01:9e  to 95.166.xxx.xxx
    30/07-2013 14:50:25 00:0c:29:cf:01:80  to 95.166.xxx.xxx



  • OK - I checked your ISP.  Its Danish. 
    I see that they do give up to 5 IPs and its done via DHCP.  So, thats correct.
    Are you using the zyxel modem?  If so, is it only acting as modem or is it also routing, DHCP, etc?



  • yes zyxel modem thats auto load a setup profile from fullrate and going in briged mode act like a modem



  • OK - Now, I need to know.  What is your gateway address/IP?



  • OK - I'm not sure how you have been trying to route everything here, but I'm pretty sure you want to use Virtual IPs and 1:1 NAT to get your public IPs to each server.  To be clear, are the servers all virtual or will some be physical?



  • all servers are vms amt 
    System: Static Routes
    empty



  • I want you to take a quick look at this.
    Now, the first part of this video deals with bridging and static Public IP assignments.
    You may have to do something like that but I don't think so.  Yours are DHCP assigned.

    So, you probably want to go straight to about 2:50 to the part where Virtual IPs are being assigned.

    http://www.youtube.com/watch?v=zrBr0N0WrTY

    (Sorry - I'm doing about 5 things at once, so earlier I referenced VLAN when I meant VIP.)



  • have seen it before and tryed it



  • OK - Could you post screenshots of your WAN interface assignment, and VIPs you have set up, firewall rules etc?

    The way this should work is your PFsense will get one of your IPs.

    The rest of your IPs should be assignable to VIP.

    Also want to see that each of the clients to pfsense gets an IP to map public IP to.



  • damm they are too large to upload here do you have a email?



  • Nope - I'd reduce their size and save as jpg



  • have to do one and one

    ![Firewall Nat port forward.png](/public/imported_attachments/1/Firewall Nat port forward.png)
    ![Firewall Nat port forward.png_thumb](/public/imported_attachments/1/Firewall Nat port forward.png_thumb)



  • lan

    ![firewall rules Lan.png](/public/imported_attachments/1/firewall rules Lan.png)
    ![firewall rules Lan.png_thumb](/public/imported_attachments/1/firewall rules Lan.png_thumb)



  • wan

    ![firewall rules Wan.png](/public/imported_attachments/1/firewall rules Wan.png)
    ![firewall rules Wan.png_thumb](/public/imported_attachments/1/firewall rules Wan.png_thumb)



  • wan2

    ![firewall rules Wan2.png](/public/imported_attachments/1/firewall rules Wan2.png)
    ![firewall rules Wan2.png_thumb](/public/imported_attachments/1/firewall rules Wan2.png_thumb)



  • wan3

    ![firewall rules Wan3.png](/public/imported_attachments/1/firewall rules Wan3.png)
    ![firewall rules Wan3.png_thumb](/public/imported_attachments/1/firewall rules Wan3.png_thumb)



  • wan4

    ![firewall rules Wan4.png](/public/imported_attachments/1/firewall rules Wan4.png)
    ![firewall rules Wan4.png_thumb](/public/imported_attachments/1/firewall rules Wan4.png_thumb)



  • wan5

    ![firewall rules Wan5.png](/public/imported_attachments/1/firewall rules Wan5.png)
    ![firewall rules Wan5.png_thumb](/public/imported_attachments/1/firewall rules Wan5.png_thumb)



  • firewall vip

    ![firewall vip.png](/public/imported_attachments/1/firewall vip.png)
    ![firewall vip.png_thumb](/public/imported_attachments/1/firewall vip.png_thumb)



  • gateways




  • Interfaces assign network ports

    ![Interfaces Assign network ports.png](/public/imported_attachments/1/Interfaces Assign network ports.png)
    ![Interfaces Assign network ports.png_thumb](/public/imported_attachments/1/Interfaces Assign network ports.png_thumb)



  • nat 1:1

    ![net 1-1.png](/public/imported_attachments/1/net 1-1.png)
    ![net 1-1.png_thumb](/public/imported_attachments/1/net 1-1.png_thumb)



  • static routes

    ![Static routes.png](/public/imported_attachments/1/Static routes.png)
    ![Static routes.png_thumb](/public/imported_attachments/1/Static routes.png_thumb)



  • Here is the thing.

    I don't think you should have 5 WANs.

    I think you should have 1 WAN with IP assigned by DHCP, and pfsense should consume at least that 1 IP

    Then I think you should create a 1 virtual LAN and all of your VM servers should get an IP on that 1 LAN.

    Then I think you should create 4 Virtual IPs to route each of your remaining public IPs to its corresponding private IP assigned to each VM server you are running on your LAN.



  • okay you mean one wan in pfsense and make 4 vlans?



  • i made this then i set my servers up
    pfsense 192.168.1.1
    DCServer 1: 192.168.1.4
    DCServer 2: 192.168.1.5
    Exchange: 192.168.1.13
    DHCP/WDS: 192.168.1.12
    Feature Server: 192.168.1.14
    ADCS/AS: 192.168.1.15
    RDS1: 192.168.1.10
    RDS2: 192.168.1.11
    Sharepoint: 192.168.1.9
    VPN/WUS/RAS: 192.168.1.8
    SQL Server: 192.168.1.7
    Folder Redirection Server: 192.168.1.6
    ESXI DELL: 192.168.1.2
    ESXI IBM: 192.168.1.3
    Router 192.168.1.1
    Dell Remote Mangement Controller: 192.168.1.16
    Reserveret IP`er

    Server Range Range: 192.168.1.2 - 192.168.1.20 NON DHCP> Statisk

    Access Point Range: 192.168.1.21 - 192.168.1.30 NON DHCP> Statisk

    Andet Udstyr Range 192.168.1.31- 192.168.1.40 NON DHCP> Statisk

    User Lease IP 192.168.1.41 - 192.168.1.254 DHCP> Dynamisk IP Mulighed for fast



  • "okay you mean one wan in pfsense and make 4 vlans?"

    Partially.  I mean one WAN on pfsense.

    Then one LAN on pfsense.

    Then attach all of your servers to that LAN interface and have them get static private IPs assigned by you.

    Then use 4 virtual IPs to map your public IP to each corresponding server's private IP on the LAN that you assigned staticly or via DHCP then static map.



  • okay have to set something up under Firewall: Virtual IP Addresses

    can you just download this img and edit with paint and type what i shall type in :D

    ![virtual ip.png_thumb](/public/imported_attachments/1/virtual ip.png_thumb)
    ![virtual ip.png](/public/imported_attachments/1/virtual ip.png)



  • OK - What is the private IP address of the first server you want to work with?

    You must have already changed to 1 WAN and 1 LAN for any of this to work.

    So, assuming you now have only 1 WAN and 1 LAN and your servers are on that LAN and have IPs, what is the IP of the first server and which public IP do you want to map to it?



  • check your pm