Complicated configuration



  • OK, it's complicated… In our University we have an old gateway on FreeBSD. So we want to change it to pfSense with an identical configuration... see the attached picture for the configuration.

    Sooo we have on Gate:

    1 WAN port and 2 LAN ports

    Our organization has 2 public network address ranges... something like 194.141.252.x and 194.141.2.x. The 194.141.252.6x address (maybe an untagged VLAN) is added on the WAN port of the GW, but we go out with the public address 194.141.2.1 (if you make a whois check, 194.141.2.1 appears).

    Behind the GW we have a MikroTik machine that manages traffic for students, who authenticate through it to a remote RADIUS server. The RADIUS server is over the Internet! We need to manage all requests and traffic to use 194.141.2.2 as the public address (students use 10.5.50.x IPs)! Wi-Fi clients communicate through the LAN by a gigabit switch; access points communicate via VLAN with 10.0.56.x, and then clients use IPs from the address range 10.5.50.x.

    The problem is that in the old configuration (the working configuration! :) ) the guy who set it all up used the same IP address 194.141.2.2 for the inbound port on the MikroTik machine, and we need to use that IP as the public one ?!? Very confusing for me... :-\

    If you ask why we need that: because if someone from another University comes to our Uni, he can log in to the Wi-Fi with his own user and pass.

    So how to manage this configuration on pfSense? Any ideas will be helpful!



  • The problem is that in the old configuration (the working configuration! :) ) the guy who set it all up used the same IP address 192.141.2.2 for the inbound port on the MikroTik machine, and we need to use that IP as the public one ?!?

    I don't quite understand your network, but according to your picture, the MikroTik is using 194.141.2.2 and not 192.141.2.2.
    You're right: having 192.141.2.2 on the MikroTik would probably conflict with one of the public addresses on your gateway. But 194.141.2.2 (as the picture indicates) would not.

    If the network configuration is working now and the addresses in the picture are correct, then perhaps you're (understandably) overwhelmed and simply confusing the 192. and 194. addresses…?



  • Thanks for the answer, cneep.

    I typed it wrong… it's 194, not 192. When I change the IP on the MikroTik to another one like 194.141.2.3 and make a "whois" search from the Internet, it goes out through the GW with the same IP address. Don't know why that is.

    I already managed to make everyone from my LAN go out with whatever IP I want.



  • OK, I try to make NAT... but maybe not in the right way.

    How to make a NAT 1:1, all local network addresses to go out from one public IP, but not to use the "any" option?

    x.x.x.1 ip WAN <=> go out IP's from LAN
    x.x.x.2 ip WAN <=> go out IP's from OPT 1

    PS: there is only one WAN interface!

