Help setting up multiple public IPs



  • Hi all,

    I have been reading through the forums here with regards to setting up multiple public IPs.

    However, I am stuck and can't figure out where I am going wrong!

    btw my setup:
    pfsense 2.1
    on an ESXI host 5.1 U1
    ISP: BT Business Broadband 5 static IPs (pppoe)

    I am at the same kind of stage as this guy:
    http://forum.pfsense.org/index.php?topic=59573.0

    in his last post he wrote:
    On the WAN interface:
    Type    = PPPoE
    Username = [user].btclick.com
    pass = welcome123

    Virtual IPs {i made 5 of these with all IPs in my range}
    Type = IP Alias
    Interface = WAN
    Address = x.y.z.193/29

    1:1 NAT
    Interface = WAN
    External subnet IP = x.y.z.193{one of my publicIPs}
    Internal IP = 10.0.200.1 {one of my internal IPS}

    FireWall
    allowed any port from any source IP to port 22 on 10.0.200.1

    But I cannot ping, ssh, or do anything coming in from the outside or going out from my firewall!
    I created the NAT mappings and firewall rules but still no access either direction.

    As I understand it I should have a random IP on my PPPoE connection which is dynamic and then BT somehow "route" the traffic to me for those IPs.

    However as it stands I cannot even ping one of those VIPs from my own LAN?!

    Here are some screenshots of my config... any help at this stage is appreciated.




  • have you tried using proxy arp as virtual ip's



  • @miloman:

    have you tried using proxy arp as virtual ip's

    I looked at that but then I couldn't use it to bind services to (which is something I'd like to do) and I couldn't ping it etc.





  • Okay so I made a bit of progress!

    I can ping those vips from my lan and get a reply!

    But I cannot see any traffic coming into my WAN when I ping from an outside address…

    I have done a full packet capture on my WAN interface but I can't see any packets coming in with the destination address for my VIPs.

    Which would suggest that the traffic isn't being routed to my WAN address?



  • Which would suggest that the traffic isn't being routed to my WAN address?

    yes… are you running this as a virtual firewall by any chance?



  • @miloman:

    Which would suggest that the traffic isn't being routed to my WAN address?

    yes… are you running this as a virtual firewall by any chance?

    Yea within esxi 5.1



  • try doing this: https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting

    this part:
    VMware ESX/ESXi Users
    1. Enable promiscuous mode on the vSwitch
    2. Enable "MAC Address changes"
    3. Enable "Forged transmits"
    4. If you have multiple physical ports on the same vswitch, you must enable the Net.ReversePathFwdCheckPromisc option to work around a vswitch bug where multicast traffic will loop back to the host, causing CARP to not function with "link states coalesced" messages. (See below)

    edit: since you can already ping the VIPs from LAN (I assume you mean through your switch, and not from another virtual box), then the fix above probably won't help.



  • @miloman:

    try doing this: https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting

    this part:
    VMware ESX/ESXi Users
    1. Enable promiscuous mode on the vSwitch
    2. Enable "MAC Address changes"
    3. Enable "Forged transmits"
    4. If you have multiple physical ports on the same vswitch, you must enable the Net.ReversePathFwdCheckPromisc option to work around a vswitch bug where multicast traffic will loop back to the host, causing CARP to not function with "link states coalesced" messages. (See below)

    edit: since you can already ping the VIPs from LAN (I assume you mean through your switch, and not from another virtual box), then the fix above probably won't help.

    Thanks for that - I already had those 3 options enabled as I thought it would probably drop the traffic unless they were.

    the 4th though I think doesn't matter as there is only 1 physical port connected to my vswitch.

    Hmm BT want me to use their modem 1st to see that the IPs are there…

    I'd be happy to troubleshoot this further but my problem is I don't understand how they are "routing" the traffic down my phone line and what their servers are expecting to see from my end.



  • just make sure to post the solution when you find it… it might help others in the future. :)



  • okay this gets weird now…

    for some reason my PPPoE connection picks up an address (random 82.X.X.X address) not the weird part..

    the weird part is that the default gateway for this WAN 82.X.X.X address is a 172.16 address!

    no idea what BT have done here...



  • Got an email from BT today..
    Turns out they hadn't actually set up my static IPs yesterday!

    it's happening today.

    :(

    I'll keep you updated on my final config once I know it's working.



  • Okay I have this all up and running - the issue was that BT had not set up the bloody service despite telling me several times they had!

    So here is how to setup BT Business infinity with 5 IPs on PFsense:

    WAN:
    Have this setup on PPPoE as usual with the correct user name and password which was provided to you.
    N.B. both the user name and password are case sensitive so make sure you get it right!

    You'll then pick up a random dynamic IP on your WAN interface for general internet access.

    VIPs (your 5 static IPs)
    All you need to do here is on the web gui go: Firewall > Virtual IPs
    Then depending on what kind of VIP you want just create 1 VIP for each static IP you have.
    my settings:
    Type: IP Alias
    Interface: WAN
    IP Address(es): type: Single address, Address: x.x.x.x / 29

    Press save and you are done!

    Now you can play around and NAT things 1:1 or just port forward all you want.

    Enjoy!
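
A pre-flight check for the setup described in this thread (IP Alias VIPs from a /29, 1:1 NAT to internal hosts, WAN pass rules), added here as an example and not part of any post above. The function name, the finding labels and the input layout are hypothetical, and the sample addresses are constructed from the 203.0.113.0/24 documentation range; it relies on pfSense applying NAT before WAN firewall rules, which is why the first post's rule names 10.0.200.1 as its destination.

```python
import ipaddress

def audit(block, vips, one_to_one, wan_rules):
    """Check a planned VIP / 1:1 NAT / WAN rule set; return (issue, subject) pairs."""
    net = ipaddress.ip_network(block)
    findings, valid_vips = [], set()
    for v in vips:
        ip = ipaddress.ip_address(v)
        if ip not in net:
            findings.append(("vip-outside-block", v))
        elif ip in (net.network_address, net.broadcast_address):
            findings.append(("vip-is-network-or-broadcast", v))
        else:
            valid_vips.add(ip)
    mapped_ext, mapped_int = set(), set()
    for ext, inside in one_to_one.items():
        if ipaddress.ip_address(ext) not in valid_vips:
            findings.append(("nat-external-without-vip", ext))
        mapped_ext.add(ipaddress.ip_address(ext))
        mapped_int.add(ipaddress.ip_address(inside))
    for rule in wan_rules:
        dst = ipaddress.ip_address(rule["dst"])
        if dst in mapped_ext:
            # NAT rewrites the destination before filtering, so a rule written
            # against the public IP does not match the translated traffic.
            findings.append(("rule-targets-public-ip", rule["dst"]))
        elif dst in mapped_int and rule["port"] == "any":
            # 1:1 NAT maps every port, so an any-port pass rule exposes the whole host.
            findings.append(("rule-exposes-all-ports", rule["dst"]))
    return findings

# Constructed sample data (hypothetical layout, documentation-range addresses).
BLOCK = "203.0.113.192/29"
VIPS = ["203.0.113.193", "203.0.113.194", "203.0.113.199", "203.0.113.201"]
ONE_TO_ONE = {"203.0.113.193": "10.0.200.1", "203.0.113.195": "10.0.200.2"}
WAN_RULES = [
    {"dst": "10.0.200.1", "port": "22"},     # correct: names the internal address
    {"dst": "203.0.113.193", "port": "22"},  # wrong: names the public address
    {"dst": "10.0.200.2", "port": "any"},    # too broad for a 1:1-mapped host
]

if __name__ == "__main__":
    for issue, subject in audit(BLOCK, VIPS, ONE_TO_ONE, WAN_RULES):
        print(f"{issue}: {subject}")
```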

