Multiple Public IPs routing from/to VLANs



  • Hi there!

    I have a few problems with my scenario and I was hoping that someone here could help me out. My ISP gave me 5 public IPs and I would like to accomplish something like this:
    PublicIP x.x.x.134 -> VLAN10
    PublicIP x.x.x.135 -> VLAN20
    PublicIP x.x.x.136 -> VLAN30

    So, the primary network has VLAN10, VLAN20 is for WiFi for guests and VLAN30 is, let's say, for one PC outside of my primary network.. All the VLANs are separate and devices from VLAN10 can't access VLAN20 and vice versa.. Same goes for VLAN30!

    OK, I have no problem with VLAN.. The main problem is that I don't know how to route everything so that VLAN10 would have one public IP and VLAN20 would have another one.. I tried with "virtual IPs", "1:1 NAT", outbound NAT. What am I doing wrong? Did anyone try to build a scenario like this that worked?

    The line is IP/MPLS with 5 IPs + one for gateway. I don't know what type of network it is, but if I set my public IP to x.x.x.134 then it has that public IP. If I set it to x.x.x.135 then I have 135 for public IP.

    The box I have for pfSense has 2 gigabit NICs.. One for WAN and one for LAN. Do I need one NIC for each public IP?

    Regards, Tadej



  • Are you trying to send data out from each VLAN to a different public IP? If that's the case, manual outbound NAT is your answer. If you're trying to do something else, please describe it more in-depth, as you could be talking about sending data incoming to the public IP to a single host on each VLAN, or thinking that you can send it to every host, or a number of other things.



  • Hi again! It's been a years since my question.. I didn't find my solution then so I solved my problem with another AP and configured a separate network for WiFi. Now, I came back to the original problem and I would really appreciate any solution..

    My scenario that I would like to accomplish is in the attachment.. Is it even possible?

    Just to clear things up: pfSense box has two NICs - one for each public IP. VLAN1 clients would get IP from DHCP server from another server, VLAN2 clients would get the IP from pfSense DHCP server… The point of VLAN2 is that the clients on VLAN2 wouldn't get access to VLAN1 network..

    P.S.: sorry for my bad morning English :)




  • I expect you can change to manual Outbound NAT and specify for each private-side IP subnet what public IP it should NAT to.
    You cannot use gateway groups and policy routing because all your public IPs actually go to a single gateway IP with your ISP.
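
Added example, not part of any post in the thread and not pfSense code: a small audit of a manual outbound NAT rule list, modelling pf's top-down, first-match evaluation to check that each VLAN really egresses from its intended public IP. The subnets, the 203.0.113.x addresses (standing in for x.x.x.134-136) and the rule list are constructed assumptions.

```python
import ipaddress

# Constructed sample data: subnets and 203.0.113.x addresses are assumptions
# standing in for the thread's VLANs and its x.x.x.134-136 public IPs.
VLAN_SUBNETS = {
    "VLAN10": "192.168.10.0/24",
    "VLAN20": "192.168.20.0/24",
    "VLAN30": "192.168.30.0/24",
}
INTENDED = {
    "VLAN10": "203.0.113.134",
    "VLAN20": "203.0.113.135",
    "VLAN30": "203.0.113.136",
}

# Manual outbound NAT rules in top-down order: (source network, translation address).
RULES = [
    ("192.168.10.0/24", "203.0.113.134"),
    ("192.168.0.0/16", "203.0.113.135"),   # too broad: shadows the VLAN30 rule below
    ("192.168.30.0/24", "203.0.113.136"),
]

def translate(src_ip, rules):
    """Return the translation address of the first rule matching src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    for source, public_ip in rules:
        if addr in ipaddress.ip_network(source):
            return public_ip
    return None  # manual mode: no matching rule means the source is not NATed

def audit(rules, subnets=VLAN_SUBNETS, intended=INTENDED):
    """Map each VLAN whose actual egress address differs from the intended one."""
    findings = {}
    for vlan, cidr in subnets.items():
        # Simplification: one sample host per VLAN represents the whole subnet.
        host = next(ipaddress.ip_network(cidr).hosts())
        actual = translate(str(host), rules)
        if actual != intended[vlan]:
            findings[vlan] = actual
    return findings

if __name__ == "__main__":
    for vlan, actual in audit(RULES).items():
        print(f"{vlan}: expected {INTENDED[vlan]}, egresses as {actual}")
```

With the sample rules, the guest-style catch-all above the VLAN30 rule means VLAN30 leaves from the wrong public IP; narrowing that rule to 192.168.20.0/24 clears the finding.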

