Route a /24 public subnet to another /24 public subnet



  • In the next few weeks we will be doing a massive (physical) migration from one public /24 subnet to another public /24 subnet. We will have to update various settings, DNS, firewall entries, etc. across over 100 servers and related load balancers and appliances. During this time, as we update systems, we would like it if the old IP pool can forward (masquerade?) to the new IP pool, all ports, in a one-to-one mapping. For example:

    Source IP: 8.8.8.1 (all ports)
    Target IP: 9.9.9.1

    Source IP: 8.8.8.2 (all ports)
    Target IP: 9.9.9.2

    We can leave one of our smaller pfSense boxes at the old location to do this forwarding. I know about "port forwarding" and "NAT", but these are for proxying data between a public and a private IP. In this case, we need to masquerade/forward/proxy data from a public IP to a new public IP. We could also establish a site-to-site OpenVPN tunnel, but I am still not sure how to do this. Is this something easy to accomplish?

    Thanks ahead of time for your help, and for spending the time to read this post!

    Phil


  • Rebel Alliance Developer Netgate

    It can be done, with 1:1 NAT for the subnet, OpenVPN with assigned interfaces and the right set of rules.

    You will need to build a static key OpenVPN tunnel between the sites, assign the interfaces on both ends, and make sure to only have firewall rules on the assigned OpenVPN tab.

    If you happen to be a gold subscriber that is one of the topics I talked about in the "Advanced OpenVPN Concepts" hangout back in September.

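For reference, this is what that setup looks like in plain OpenVPN and pf syntax; the pfSense GUI (Interfaces > Assign, Firewall > NAT > 1:1, Firewall > NAT > Outbound, and the rules tab of the assigned interface) generates the equivalent rules. This is an added example, not from the thread or from Netgate. The two /24s are the ones in the question; the interface names em0 and tun0 (ovpns1 once assigned on pfSense), the tunnel addresses 10.200.0.1/10.200.0.2, the old site's WAN address 8.8.8.254 and port 1194 are assumptions.

```conf
### Old site (keeps 8.8.8.0/24 on its WAN em0): /etc/openvpn/old-site.conf
dev tun
proto udp
port 1194                        # the new site connects to this WAN address (assumed 8.8.8.254)
secret /etc/openvpn/site.key     # generate once: openvpn --genkey --secret site.key
                                 # (OpenVPN 2.5+ also accepts: openvpn --genkey secret site.key)
                                 # copy to the other site out of band, never over the tunnel it protects
ifconfig 10.200.0.1 10.200.0.2   # tunnel endpoints (assumed private addresses)
route 9.9.9.0 255.255.255.0      # the new public block is reached across the tunnel
keepalive 10 60
persist-key
persist-tun

### New site (owns 9.9.9.0/24): /etc/openvpn/new-site.conf
dev tun
proto udp
remote 8.8.8.254 1194            # old site's WAN address (assumed)
secret /etc/openvpn/site.key     # same static key on both ends
ifconfig 10.200.0.2 10.200.0.1   # mirror of the old site's ifconfig line
keepalive 10 60
persist-key
persist-tun
# No "route 8.8.8.0/24" is needed here: the old site source-NATs the forwarded traffic
# to its tunnel address (see the nat rule below), so replies go back over the tunnel.

### Old site pf rules (pfSense writes these from the 1:1, Outbound NAT and rules tabs)
# 1:1 NAT for the whole block, same host number on both sides:
#   inbound on em0 to 8.8.8.N  -> delivered to 9.9.9.N
#   outbound on em0 from 9.9.9.N -> seen by the Internet as 8.8.8.N
binat on em0 from 9.9.9.0/24 to any -> 8.8.8.0/24

# Source-NAT the translated packets to the tunnel address. Without this the server at
# 9.9.9.N answers straight out of the new site's WAN with source 9.9.9.N, which the
# client (expecting 8.8.8.N) discards: an asymmetric path, not a broken mapping.
nat on tun0 from any to 9.9.9.0/24 -> 10.200.0.1

# Filter rules see the translated addresses (pf translates before it filters).
# WAN: "all ports" as asked in the thread; narrow to the services you actually run if you can.
pass in quick on em0 from any to 9.9.9.0/24 keep state
# Assigned tunnel interface: rules live here, not on the generic OpenVPN tab.
pass out quick on tun0 from any to 9.9.9.0/24 keep state
```

Two practical checks before cutting over: the old box must actually receive traffic for every address in 8.8.8.0/24, so either the provider routes the block to it or you add Proxy ARP virtual IPs for the block on WAN; and because of the source NAT on the tunnel, servers at the new site log the tunnel address instead of the real client for traffic that arrives via the old block, so keep the old-path period short.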
