Multiple (virtual?) IPs on same subnet for NAT
-
My search skills have failed me… if this is the wrong spot to ask I apologize.
I've inherited a poorly laid out small network (configured as 192.168.0.0/24) which had the router/gateway at 192.168.0.90. I've just set up a pfSense box and put it at 192.168.0.1 as Part 1 to cleanup.
Until I can find all the devices on the network (harder than I would have thought) I want the pfSense box to allow devices to use .90 as their gateway address and for the pfSense box to properly NAT those requests out to the internet at large. When I search/Google all I can find is how to use a Virtual IP to route multiple/different subnets. I want to do this for a single subnet as a temporary bandaid until we can find and update the gateway settings that are configured on various devices (like printers, etc.).
I have added a virtual IP already and pfSense does respond to pinging but some "magic" is missing as far as NATing goes. (If it matters I set up that Virtual IP as an IP Alias on the LAN interface)
Any advice? I'm hoping I've missed something obvious and this is an easy thing.
Thanks!
Matt
-
This really goes beyond me. Why should it be .1? Move it back to .90, and once you have found your network devices and reconfigured them to use DHCP like any civilized network, you can switch that to whatever you want without anyone having to do anything else. (Now of course, you can also leave it at .1 and the devices will be found much faster, since people will complain about those not working.)
-
I considered moving the pfSense box to .90 but we've already got most of the network changed over…
Heads not as wise as mine don't want to use DHCP for network printers and other "static" resources so changing now would involve going to every device we have found to change those back to .90 and then back to .1 when we change again to the way we really want it.
This only became an issue when we found a few IPs on the network being used by "unknown" devices. The gut feeling is that those are monitoring devices of some sort for plant equipment down in production but we aren't sure. My hope was to use the power of pfSense to band-aid until we can figure out what those devices are.
Thanks again!
Matt
-
For me, it has to be .1 because I'm OCD and having the gateway at some random place annoys me. And it's easier to troubleshoot when you deal with dozens of networks. I'd have to re-number the network though, because having it at 192.168.0.0 would drive me crazy also.
Anyway, I've done this before with a CARP VIP on the LAN. Don't recall having to change anything else.
-
> I considered moving the pfSense box to .90 but we've already got most of the network changed over…
How? By hardcoding the GW and IPs into the devices once again? Well, that was a huge waste of time.
-
> I've done this before with a CARP VIP on the LAN. Don't recall having to change anything else.
By itself, changing the Virtual IP type to CARP doesn't seem to have helped. Thanks though for the suggestion and your time.
> Well, that was a huge waste of time.
You are absolutely correct and it is a shame that management does not value the purity of a civilized network and decided not to listen to my advice.
That said, I would love to hear from you any thoughts on solving the question actually posed in my original post which was whether a Virtual IP in the same subnet as the pfSense's primary LAN IP can also be used as a gateway for devices on the network.
Thanks for your time as well!
-
> By itself, changing the Virtual IP type to CARP doesn't seem to have helped. Thanks though for the suggestion and your time.
Curious as to what's wrong. I just took a fresh 2.2.2 box, connected the wan to my lan (double nat, but this is just to prove a point), stuck a laptop behind it.
Laptop gets dhcp, on the net, all good. Then I added a CARP VIP of .90 on the LAN (remember to use /24 subnet).
Changed laptop to static ip, set the gateway to .90 all good, on the net…
-
> Curious as to what's wrong. I just took a fresh 2.2.2 box, connected the wan to my lan (double nat, but this is just to prove a point), stuck a laptop behind it.
> Laptop gets dhcp, on the net, all good. Then I added a CARP VIP of .90 on the LAN (remember to use /24 subnet).
> Changed laptop to static ip, set the gateway to .90 all good, on the net…

Based on this, I did a Factory Defaults reset and it works now. I'm going to assume I borked something when trying to configure something else.
Thanks!
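
Added example, not part of the original thread: with .90 set up as a CARP VIP (as in the test above), hosts that still use .90 as their gateway address frames to the CARP virtual MAC 00:00:5e:00:01:<VHID> instead of the firewall's real MAC, so a capture on the LAN interface can list the devices that still need their gateway changed. The VHID of 1, the capture lines and every MAC address below are constructed assumptions; an IP Alias VIP shares the interface MAC and cannot be told apart this way.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.0.0/24")  # subnet from the thread
VHID = 1                                      # assumption: VHID given to the .90 CARP VIP
CARP_MAC = "00:00:5e:00:01:%02x" % VHID       # virtual MAC that answers ARP for the VIP

# One line of `tcpdump -e -n` text output (link-level header, then IP addresses).
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:",
    re.IGNORECASE,
)


def hosts_using_old_gateway(capture_text):
    """Return {source IP: source MAC} for LAN hosts routing via the CARP MAC."""
    found = {}
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["dmac"].lower() != CARP_MAC:
            continue  # not IPv4, or addressed to the firewall's real MAC (.1)
        src = ipaddress.ip_address(m["sip"])
        dst = ipaddress.ip_address(m["dip"])
        # Off-subnet destination means the host is routing through .90;
        # a ping to .90 itself also hits the CARP MAC but proves nothing.
        if src in LAN and dst not in LAN:
            found[str(src)] = m["smac"].lower()
    return found


# Constructed sample, shaped like the output of:
#   tcpdump -e -n -i <lan_if> ether dst 00:00:5e:00:01:01
# plus one frame sent to a made-up real interface MAC for contrast.
SAMPLE = """\
10:15:01.100001 00:11:22:33:44:55 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 192.168.0.57.51515 > 8.8.8.8.53: UDP, length 32
10:15:01.200002 00:aa:bb:cc:dd:ee > 0c:c4:7a:00:00:01, ethertype IPv4 (0x0800), length 66: 192.168.0.20.40000 > 93.184.216.34.443: tcp 0
10:15:02.300003 00:11:22:33:44:66 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 98: 192.168.0.12 > 192.168.0.90: ICMP echo request, id 1, seq 1, length 64
10:15:04.500005 00:11:22:33:44:77 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 60: 192.168.0.201.1024 > 203.0.113.10.502: tcp 0
"""

if __name__ == "__main__":
    for ip, mac in sorted(hosts_using_old_gateway(SAMPLE).items()):
        print(ip, mac)
```

The MAC addresses it reports can be matched against switch port tables to locate the unidentified devices physically.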