Netgate Discussion Forum

    Help setting up multiple public IPs

      Deadringers

      Hi all,

      I have been reading through the forums here with regards to setting up multiple public IPs.

      however I am stuck and can't figure out where I am going wrong!

      btw my setup:
      pfsense 2.1
      on an ESXI host 5.1 U1
      ISP: BT Business Broadband 5 static IPs (pppoe)

      I am at the same kind of stage as this guy:
      http://forum.pfsense.org/index.php?topic=59573.0

      in his last post he wrote:
      On the WAN interface:
      Type    = PPPoE
      Username = [user].btclick.com
      pass = welcome123

      Virtual IPs {i made 5 of these with all IPs in my range}
      Type = IP Alias
      Interface = WAN
      Address = x.y.z.193/29

      1:1 NAT
      Interface = WAN
      External subnet IP = x.y.z.193{one of my publicIPs}
      Internal IP = 10.0.200.1 {one of my internal IPS}

      FireWall
      allowed any port from any source IP to port 22 on 10.0.200.1

      But I cannot ping, ssh, or do anything coming in from the outside or going out from my firewall!
      I created the NAT mappings and firewall rules but still no access either direction.

      As I understand it I should have a random IP on my PPPoE connection which is dynamic and then BT somehow "route" the traffic to me for those IPs.

      However as it stands I cannot even ping one of those VIPs from my own LAN?!

      here are some screen shots of my config..any help at this stage is appreciated.


        miloman

        have you tried using proxy arp as virtual ip's

          Deadringers

          @miloman:

          have you tried using proxy arp as virtual ip's

          I looked at that but then I couldn't use it to bind services to (which is something I'd like to do) and I couldn't ping it etc.

            miloman

            have you read this? https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

              Deadringers

              Okay so I made a bit of progress!

              I can ping those vips from my lan and get a reply!

              But I cannot see any traffic coming into my wan when I ping from an outside address…

              I have done a full packet capture on my wan interface but I can't see any packets coming in with the destination address for my vips.

              Which would suggest that the traffic isn't being routed to my wan address?

                miloman

                Which would suggest that the traffic isn't being routed to my wan address?

                yes… are you running this as a virtual firewall by any chance?

                  Deadringers

                  @miloman:

                  Which would suggest that the traffic isn't being routed to my wan address?

                  yes… are you running this as a virtual firewall by any chance?

                  Yea within esxi 5.1

                    miloman

                    try doing this: https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting

                    this part:
                    VMware ESX/ESXi Users
                    1. Enable promiscuous mode on the vSwitch
                    2. Enable "MAC Address changes"
                    3. Enable "Forged transmits"
                    4. If you have multiple physical ports on the same vswitch, you must enable the Net.ReversePathFwdCheckPromisc option to work around a vswitch bug where multicast traffic will loop back to the host, causing CARP to not function with "link states coalesced" messages. (See below)

                    edit: since you can already ping the vip's from lan (I assume you mean through your switch, and not from another virtual box), then the fix above probably won't help.

                      Deadringers

                      @miloman:

                      try doing this: https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting

                      this part:
                      VMware ESX/ESXi Users
                      1. Enable promiscuous mode on the vSwitch
                      2. Enable "MAC Address changes"
                      3. Enable "Forged transmits"
                      4. If you have multiple physical ports on the same vswitch, you must enable the Net.ReversePathFwdCheckPromisc option to work around a vswitch bug where multicast traffic will loop back to the host, causing CARP to not function with "link states coalesced" messages. (See below)

                      edit: since you can already ping the vip's from lan (I assume you mean through your switch, and not from another virtual box), then the fix above probably won't help.

                      Thanks for that - I already had those 3 options enabled as I thought it would probably drop the traffic unless they were.

                      the 4th though I think doesn't matter as there is only 1 physical port connected to my vswitch.

                      Hmm BT want me to use their modem 1st to see that the IPs are there…

                      I'd be happy to troubleshoot this further but my problem is I don't understand how they are "routing" the traffic down my phone line and what their servers are expecting to see from my end.

                        miloman

                        just make sure to post the solution when you find it… it might help others in the future. :)

                          Deadringers

                          okay this gets weird now…

                          for some reason my PPPoE connection picks up an address (random 82.X.X.X address) not the weird part..

                          the weird part is that the default gateway for this WAN 82.X.X.X address is a 172.16 address!

                          no idea what BT have done here...

                            Deadringers

                            got an email from BT today..
                            turns out they hadn't actually set up my static IPs yesterday!

                            it's happening today.

                            :(

                            I'll keep you updated on my final config once I know it's working.

                              Deadringers

                              Okay I have this all up and running - the issue was that BT had not set up the bloody service despite telling me several times they had!

                              So here is how to set up BT Business infinity with 5 IPs on pfSense:

                              WAN:
                              Have this setup on PPPoE as usual with the correct user name and password which was provided to you.
                              N.B. both the user name and password are case sensitive so make sure you get it right!

                              You'll then pick up a random dynamic IP on your WAN interface for general internet access.

                              VIPs (your 5 static IPs)
                              All you need to do here is on the web gui go: Firewall > Virtual IPs
                              Then depending on what kind of VIP you want just create 1 VIP for each static IP you have.
                              my settings:
                              Type: IP Alias
                              Interface: WAN
                              IP Address(es): type: Single address, Address: x.x.x.x / 29

                              Press save and you are done!

                              Now you can play around and NAT things 1:1 or just port forward all you want.

                              Enjoy!

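
The WAN packet-capture check used in this thread (no inbound packets for the VIPs means the ISP is not yet routing the static block), as an added example that is not part of any post. The 203.0.113.192/29 block, the capture lines and the `triage` function are constructed for illustration, and the choice of which five host addresses are the VIPs is an assumption.

```python
import ipaddress
import re

# Constructed stand-in for the /29 (RFC 5737 documentation range).
STATIC_BLOCK = ipaddress.ip_network("203.0.113.192/29")
# Assumption: the first five host addresses are the customer's static IPs.
VIPS = list(STATIC_BLOCK.hosts())[:5]

# Constructed `tcpdump -n` style lines, as captured on the WAN (PPPoE) side.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 198.51.100.7 > 203.0.113.193: ICMP echo request, id 1, seq 1, length 64
12:00:01.000410 IP 203.0.113.193 > 198.51.100.7: ICMP echo reply, id 1, seq 1, length 64
12:00:02.100000 IP 198.51.100.7.51512 > 203.0.113.194.22: Flags [S], seq 1, win 64240, length 0
12:00:03.100000 IP 198.51.100.7.51512 > 203.0.113.194.22: Flags [S], seq 1, win 64240, length 0
12:00:04.000000 IP 192.0.2.10.443 > 198.51.100.200.40000: Flags [.], ack 1, win 501, length 0
"""

# Matches IPv4 lines only ("IP6" and ARP lines are skipped).
LINE_RE = re.compile(r"\bIP (\S+) > (\S+?):")

def _addr(token):
    """Drop the optional trailing .port from a tcpdump endpoint token."""
    return ipaddress.ip_address(".".join(token.split(".")[:4]))

def triage(capture_text, vips=VIPS):
    """Classify each VIP by what the WAN capture shows for it."""
    inbound = {v: 0 for v in vips}
    outbound = {v: 0 for v in vips}
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst = _addr(m.group(1)), _addr(m.group(2))
        if dst in inbound:
            inbound[dst] += 1
        if src in outbound:
            outbound[src] += 1
    result = {}
    for v in vips:
        if inbound[v] == 0:
            result[str(v)] = "no inbound packets: block not routed to this WAN"
        elif outbound[v] == 0:
            result[str(v)] = "inbound seen, no reply: check VIP, NAT and firewall rules"
        else:
            result[str(v)] = "inbound and reply seen"
    return result

if __name__ == "__main__":
    for vip, verdict in triage(SAMPLE_CAPTURE).items():
        print(vip, "->", verdict)
```

A "no inbound packets" verdict for every VIP while an outside host is pinging them points upstream of the firewall, which is what the thread eventually found.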