Netgate Discussion Forum

    VLAN static ip address passthrough

    Routing and Multi WAN
    • thetallkid

      I have a block of 5 static IPs, a D-Link DGS-1100 managed switch, and pfSense running 2.1.

      DSL modem --> pfSense --> managed switch (VLAN) --> server

      I need to go beyond a basic VLAN setup and assign one of the static IPs to a server assigned to a VLAN port on the switch.

      Can I assign an IP from the internal range (10.0.xx.xx) to port 1 to manage the switch?

      Then, is it possible to pass one of the static IPs to the server on a VLAN set up on port 2?

      I don't want to use CARP.

      • podilarius

        Perhaps you could edit your post and remove the white spaces.
        I don't think I understand what you mean by assign it to a VLAN. You don't have to use CARP, you can use IP Alias. Create the IP Alias on the WAN interface, then use a 1:1 or port forward NAT to translate the external IP to an internal IP.

        This is documented well if you can search the docs and forums.

        • thetallkid

          Sorry about the white space. Deleted.

          I know how to do a port forward NAT or 1:1.

          Let's forget about the VLAN for now. Just want to know if pfSense can pass through a block of static IPs?

          • podilarius

            It can route, yes.

            • thetallkid

              How would I set that up?

              • podilarius

                Set up the VLAN on an interface (or have a dedicated interface and have the VLAN set up on the switch, your choice). Setup of a VLAN is documented at docs.pfsense.org.
                Go to the interface, enable the VLAN, and set up the IP address; do not set a gateway.
                Go to rules and add a rule to allow internet traffic. I would set up an alias that has all private IPs in there (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and allow traffic NOT going to these destinations. This will effectively block traffic to anything but the internet. You can put allow rules above that rule to allow specific things through.
                If you are using automatic outbound NAT, you're done. If you are using manual, then you need to add a rule for the subnet you set to use the WAN address (or some other external) for translation.
                Done.

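The rule order described in the post above, modelled as an added example (not code from the thread or from pfSense): first-match evaluation on the VLAN interface with the private-range alias used as an inverted destination. The firewall's VLAN address 10.0.20.1, the DNS allow rule and the sample destinations are assumptions chosen to show why a specific allow rule has to sit above the inverted rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Alias from the post: the three private ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    name: str
    action: str                  # "pass" or "block"
    dst_nets: list               # destination networks to compare against
    invert: bool = False         # True models "NOT going to these destinations"
    port: Optional[int] = None   # None matches any destination port

    def matches(self, dst: str, port: int) -> bool:
        in_nets = any(ipaddress.ip_address(dst) in n for n in self.dst_nets)
        if in_nets == self.invert:   # wrong side of the (possibly inverted) match
            return False
        return self.port is None or self.port == port

def evaluate(rules, dst, port):
    """Top-down, first matching rule wins; no match means default deny."""
    for rule in rules:
        if rule.matches(dst, port):
            return rule.action, rule.name
    return "block", "default deny"

# Assumed (constructed) address of the firewall on the new VLAN.
FW_VLAN_IP = "10.0.20.1"

internet_only = Rule("allow NOT private", "pass", PRIVATE_NETS, invert=True)
allow_dns = Rule("allow DNS to firewall", "pass",
                 [ipaddress.ip_network(FW_VLAN_IP + "/32")], port=53)

ONLY_INTERNET = [internet_only]          # just the rule from the post
WITH_DNS = [allow_dns, internet_only]    # specific allow placed above it

if __name__ == "__main__":
    # Constructed sample traffic: internet host, LAN host, firewall DNS, firewall GUI.
    samples = [("203.0.113.10", 443), ("192.168.1.50", 445),
               (FW_VLAN_IP, 53), (FW_VLAN_IP, 443)]
    for dst, port in samples:
        print(f"{dst}:{port:<4} only-internet={evaluate(ONLY_INTERNET, dst, port)[0]:<5} "
              f"with-dns={evaluate(WITH_DNS, dst, port)[0]}")
```

With only the inverted rule, the firewall's own VLAN address falls inside 10.0.0.0/8, so clients pointed at it for DNS are dropped until the allow rule is added above.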
                • thetallkid

                  Thanks, I will try that and report back.

                  • dellpe

                    I got the same question. I go to interface, enable the VLAN in my S5700-52C-EI, and set up the IP address, do not set a gateway. What would I do next? Have you already solved this problem?

                    • podilarius

                      Just go to interfaces and enable the new interface that was created after you assigned the VLAN. Then add firewall rules and NAT rules (if using manual).

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.