MULTIPLE IPS - WAN SETUP TO DIFFERENT LAN SEGMENTS


  • Hi, I have a scenario as follows: 7 NICs on my virtual firewall running the latest build of pfSense.

    em0 > untrust
    em1 > trust-lan01
    em2 > trust-lan02..etc

    Each interface is segregated and has its own IP scheme, i.e. 10.69.10.0, .20.0, etc.

    At the moment, using auto NAT and firewall rules, I am able to surf the internet using the untrust interface IP (like a global masquerade).

    I have 16 IP addresses from my ISP. I would like to assign a static IP per LAN interface, so if I were to do a whatismyip from trust-lan02 it would be the IP I have assigned and not the untrusted one.

    I tried this by enabling IP alias > then setting 1-1 and a virtual IP; however, when I do this I cannot get access to anything.

    I am new to pfSense, please bear with me. I am trialling this over a MikroTik, which I am quite comfortable with.


  • With IP Aliases you can assign each IP you got from your ISP to your WAN interface. However, this isn't necessary for your goal, since you have assigned the whole net segment (/28) to the WAN interface, but it's an advantage in clarity for handling the IPs in pfSense, I think. And it's recommended.

    With 1:1 NAT and port forwarding you can handle incoming traffic (into pfSense), but you want to impact outbound traffic here. So you will need to configure outbound NAT for your requirements.

    On the Outbound tab in Firewall > NAT, select "Manual Outbound NAT rule generation" and click Save. Then you should see a list of automatically generated rules for all your assigned subnets under Mappings. Edit these rules, or create them manually if they don't exist: under Source, choose the subnet you want to handle; leave protocol, source port and destination set to any; and at Translation address you can select the IP Alias you have defined before; if you don't, select Other Subnet and enter the IP and mask below. Leave the translation port set to any.
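
A sanity check for the per-LAN mapping described in the reply above, as an added example that is not part of the original thread: it validates a plan of one public IP per LAN subnet and returns the Source / Translation address values to enter for each manual outbound rule. The /24 LAN masks, the 198.51.100.0/28 block, the gateway address and the function name are assumptions; the `pf` string is classic pf `nat` syntax shown only to illustrate the mapping, not the ruleset pfSense generates.

```python
import ipaddress

def plan_outbound_nat(wan_block, gateway, plan, wan_if="em0"):
    """Check a {lan_name: (source_subnet, public_ip)} plan; return (rows, errors)."""
    block = ipaddress.ip_network(wan_block)
    reserved = {block.network_address: "network address",
                block.broadcast_address: "broadcast address",
                ipaddress.ip_address(gateway): "ISP gateway"}
    rows, errors, seen_ips, seen_nets = [], [], {}, {}
    for name, (subnet, public_ip) in plan.items():
        net = ipaddress.ip_network(subnet)  # raises ValueError if host bits are set
        ip = ipaddress.ip_address(public_ip)
        if ip not in block:
            errors.append(f"{name}: {ip} is outside the ISP block {block}")
        elif ip in reserved:
            errors.append(f"{name}: {ip} is the {reserved[ip]}")
        if ip in seen_ips:
            # Two LANs behind one address defeats the one-IP-per-LAN goal.
            errors.append(f"{name}: {ip} already used by {seen_ips[ip]}")
        for other, other_net in seen_nets.items():
            if net.overlaps(other_net):
                errors.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen_ips.setdefault(ip, name)
        seen_nets[name] = net
        rows.append({"interface": "WAN", "source": str(net),
                     "translation": f"{ip}/32",
                     "pf": f"nat on {wan_if} inet from {net} to any -> {ip}"})
    return rows, errors

# Constructed sample values (documentation address range, assumed /24 LANs).
WAN_BLOCK = "198.51.100.0/28"
GATEWAY = "198.51.100.1"
PLAN = {"trust-lan01": ("10.69.10.0/24", "198.51.100.3"),
        "trust-lan02": ("10.69.20.0/24", "198.51.100.4")}

if __name__ == "__main__":
    rows, errors = plan_outbound_nat(WAN_BLOCK, GATEWAY, PLAN)
    for row in rows:
        print(f"{row['interface']}  source={row['source']}  "
              f"translation={row['translation']}  # {row['pf']}")
    for err in errors:
        print("ERROR:", err)
```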