Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Complicated configuration

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      Infinity_bg
      last edited by

      OK it's complicated… In our University we have old gateway on FreeBSD. So we want to change it whit pfSense whit identical configuration... see the attached picture for the configuration..

      Sooo we have on Gate:

      1 WAN port and 2 Lan ports

      Our organization have 2 public network address ranges... something like 194.141.252.x and 194.141.2.x . On WAN port of GW is added the 194.141.252.6x (may be untagged VLAN) address, but we go out whit the public address 194.141.2.1 (if make who is check 194.141.2.1 appear).

      Behind the GW we have a Microtic machine that manage traffic for students which authenticate through it  to a remote RADIUS server. The RADIUS server is over Internet! We need to manage all requests and traffic to use 194.141.2.2 like public (students use 10.5.50.x IP's)! Wi-Fi clients communicate through LAN by a gigabit switch- access points communicate via VLAN whit 10.0.56.x and then clients use address range IP from 10.5.50.x

      The problem is that in the old configuration (the working configuration! :) ) the guy who make all, he use a same IP address 194.141.2.2 for inbound port on Microtic machine and we need to use that IP like public  ?!?  ??? Very confusing for me...  :-\

      If u ask why need that.. because if some one from other University came to our Uni, he can enter whit his User and Pass to Wi-Fi .

      So how to manage this configuration on pfSense? Any ideas will be helpful!
      diagram.jpg
      diagram.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • C Offline
        cneep
        last edited by

        The problem is that in the old configuration (the working configuration! :) ) the guy who make all, he use a same IP address 192.141.2.2 for inbound port on Microtic machine and we need to use that IP like public  ?!?

        I don't quite understand your network, but according to your picture, the Microtic is using 194.141.2.2 and not 192.141.2.2.
        You're right:  Having 192.141.2.2 on the Microtic would probably conflict with one of the public addresses on your gateway. But 194.141.2.2 (as the picture indicates) would not.

        If the network configuration is working now and the addresses in the picture are correct, then perhaps are you're (understandably) overwhelmed and simply confusing the 192. and 194. addresses…?

        1 Reply Last reply Reply Quote 0
        • I Offline
          Infinity_bg
          last edited by

          Thanks for answer cneep.

          I have typed wrong… it's 194 not 192. When change the IP on Microtik on other like 194.141.2.3 when i make "who is" search from Internet he goes out through GW whit same IP address. Don't know why is that.

          I already managed to make everyone from my LAN to go out whit what IP i want.

          1 Reply Last reply Reply Quote 0
          • I Offline
            Infinity_bg
            last edited by

            OK i tray to make NAT.. but may be not in right way.

            How to make a NAT 1:1, all local network addresses to go out from one public IP, but not to use the "any" option?

            x.x.x.1 ip WAN <=> go out IP's from LAN
            x.x.x.2 ip WAN <=> go out IP,s from OPT 1

            PS: there is only one WAN interface!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.