Easier way to add a C Class to PFsense instead of 1 by 1?



  • Hello,

    i have a C Class, and for now i just add 1 ip at a time under Virtual IP's for our class.

    Is there a quicker way to just add the C Class under Virtual IP's instead of 1 by one?

    Or are they have to be added 1 by 1 so things like menu options for NAT and firewall rules can be choose specific IP's in the drop down menus?





  • Under Firewall - Virtual IPs - Add (+) - IP Address(es) - Type has a selection for Network.  You could try putting your class C there.


  • Rebel Alliance Moderator

    @SysIT: Don't know what you're doing. Why are you adding IPs (or nets) to the firewall via Virtual IPs? Do you get your /24 routed via a transfer link? Then you don't have to do a thing. It just works. I'd recommend to speak with your upstream provider if that's possible an let them route that net to you over a transfer link rather than handing them out 1-3 addresses of that space for their own HA/routers etc.

    Greets


  • Rebel Alliance Developer Netgate

    As JeGr said, get the /24 routed to you via some other subnet.

    For example you have a WAN subnet /29 to your ISP where they have their gateway and you have your router (or CARP cluster). they route your /24 to your firewall (or CARP VIP) inside the /29.

    Then you do not need to add any VIPs in most cases, or you could add an 'other' type VIP to cover the whole subnet.

    If there is no CARP involved, then a proxy ARP entry for the whole subnet may work, but it's not ideal. Routed is definitely the best solution.



  • If you are trying to load the IP's on the router because you are doing something like load balancing, etc., my idea was to load XML snippits directly via a restore.
    Kludgey but less error prone than doing all the steps multiple times :-)



  • All new stuff to me, could be how the ISP is doing it, they send us the /24 over a vlan (in the same building them), we used to have the /24 split between 2 offices and 3 routers, now thought the C Class is split between 2 separate router, no CARP or anything.

    With that though, and we were able to get them to do as you 2 have suggested, how do i do NAT rules for specific IP's then if the IP's are not entered into PFSense? i just put in the IP directly in the rule instead of first adding it into the Virtual IP area?

    Would that also not cause extra traffic to the routes so when someone goes to say www.mycompany.com it will broadcast to both Routers to see which responds?

    To add to that, incase i can not get them to set it up this way or could cause problems (they have had problems doing simple things before) is there a way to "re-order" the virtual IPs into order by IP address? (yes.. ocd)


Log in to reply