Netgate Discussion Forum

    Additional Subnet to WAN-IP

    Routing and Multi WAN
    • MM

      Hi folks!
      The Situation: Two static public IP addresses from the ISP at the WAN interface. One additional /27 subnet, routed to one of the public IP addresses.
      The Question: How to manage access from the /27 subnet to internal servers with pfSense 1.2?
      Thanks in advance!
      mm

      • GruensFroeschli

        For additional public IPs on WAN, create VIPs. (Firewall --> Virtual IPs)

        To route a subnet from one of your public IPs, enable "Advanced outbound NAT" (Firewall --> NAT) and see to it that there is no entry that NATs your /27 subnet. Now it is being normally routed.
        Create firewall rules to allow traffic.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • MM

          Thanks for the fast reply, but it's not working. The /27 subnet is public. Perhaps you misunderstood. I am not able to add a VIP out of that /27 subnet.
          mm

          • GruensFroeschli

            No, I understood you correctly.
            I think you should reread my post :)

            Have the IP to which your /27 subnet is routed to directly as WAN-IP.
            Add the additional IP on your WAN as VIP.

            Define the IP of the OPTx or LAN (or whatever the interface of your /27 subnet is called)
            as one out of your /27.

            If you enable advanced outbound NAT you can define manually what should be NATed from where to where, or what should NOT be NATed.
            In your case you DON'T want to NAT your /27 to WAN.
            If there is no entry in the AoN table for the subnet it won't be NATed, but routed --> which is what you want.

            Maybe you could write which steps you took and I can help you from there.

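The check described in the thread (no manual outbound NAT entry may cover the routed /27, and the firewall's interface on that side needs an address out of the /27), as an added example that is not part of the original posts. The rule layout is a hypothetical simplified table, not pfSense's own config format, and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for the real addresses.
ROUTED_SUBNET = ipaddress.ip_network("203.0.113.32/27")  # the routed public /27
OPT_INTERFACE_IP = ipaddress.ip_address("203.0.113.33")  # firewall IP on the /27 side

# Hypothetical, simplified manual outbound NAT table (assumption, not pfSense's format).
OUTBOUND_NAT_RULES = [
    {"interface": "wan", "source": "192.168.1.0/24", "descr": "LAN to WAN"},
    {"interface": "wan", "source": "203.0.113.32/27", "descr": "leftover auto rule"},
    {"interface": "wan", "source": "0.0.0.0/0", "descr": "catch-all"},
    {"interface": "opt2", "source": "203.0.113.32/27", "descr": "other interface"},
]


def rules_natting_subnet(rules, subnet, interface="wan"):
    """Return the rules on `interface` whose source overlaps `subnet`.

    Any hit means some or all hosts in the subnet would be translated
    on that interface instead of being routed with their own address.
    """
    hits = []
    for rule in rules:
        if rule["interface"] != interface:
            continue
        source = ipaddress.ip_network(rule["source"], strict=False)
        if source.overlaps(subnet):
            hits.append(rule)
    return hits


def interface_ip_ok(ip, subnet):
    """True if `ip` is a usable host address inside `subnet`."""
    reserved = (subnet.network_address, subnet.broadcast_address)
    return ip in subnet and ip not in reserved


if __name__ == "__main__":
    for rule in rules_natting_subnet(OUTBOUND_NAT_RULES, ROUTED_SUBNET):
        print(f"would NAT {ROUTED_SUBNET}: {rule['source']} ({rule['descr']})")
    if not interface_ip_ok(OPT_INTERFACE_IP, ROUTED_SUBNET):
        print(f"{OPT_INTERFACE_IP} is not a usable host address in {ROUTED_SUBNET}")
```

Note that a catch-all source such as `0.0.0.0/0` counts as covering the /27 even though the subnet is never named in the table.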
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.