Assign computers behind pfsense to WAN interfaces



  • I am guessing this should be quite a simple one but what I am wanting to do is set 192.168.0.10 to use WAN1 and 192.168.0.11 o use WAN2 and so on with different machines.

    Eg 192.168.0.10 only uses WAN1 and doesn't use the second WAN at all and the same for .11 but using WAN2 instead.

    Also only one of my ADSL connections has multiple public ips so if I set 192.168.0.10 to one of my external ips on WAN1 would it only use WAN1 for internet access?



  • Create a rule on your LAN (or whatever interface your clients are) ABOVE all other rules with as source your client and as gateway the WAN it should use.

    I dont really understand your second question.

    Elaborate on your setup.



  • WAN1 interface has 8 static ips
    WAN2 interface has 1 dynamic IP

    I was wanting to assign one of my block to computer 1, if I use VIP and 1:1 NAT will I still have to bother with assigning WAN1 to computer 1, using the method you gave?

    Thanks for the answer it is much appreciated :)



  • 1:1 NAT is bidirection.

    If you 1:1 NAT something then it will always go out the WAN from which the mapping is.



  • I tried to setup 1:1 NAT

    My router ip is 78...105 and the ip I was wanting one of my computers to be was 78...110. In 1:1 NAT I set ip to 78...110/32 forwards to 192.168.0.220/32 but this didn't allow any traffic out from the computer, on deleting the entry it was working again.

    What have I done wrong?

    ps. I was told my connection is on the /29 allocation



  • Can you show screenshots of all the pages that are relevant?
    (1:1 NAT, VIP, firewall WAN and LAN)
    Are you using Advanced outbound NAT?



  • I'm using Automatic outbound NAT rule generation (IPsec passthrough).

    When I tried to add a CARP VIP it informed me that I can't set that ip as its not on the same subnet.

    I currently have 2 modems DMZ'd to my pfsense box, I do have the option of half-bridge but I don't think I am able to see modem status when I set this option which is the main reason I do not use it.

    Thanks again for your help :)



  • Like now it wont work because your 1:1 NATing an IP that does not exist.
    –> You need to create a VIP which will be used in the 1:1 NAT rule.

    Can you set the CARP-VIP again and show a screenshot of how you set it up?
    Please be aware (there is a note on the config page too) that if you configure a CARP-VIP you have to set the correct subnet.
    NOT /32

    (also if you search the forum for this exact problem you will find http://forum.pfsense.org/index.php/topic,9057.0.html in which i wrote the solution to this problem just a few days ago)



  • I had a look at the thread and tried to setup the VIP but I had the same problem that I had earlier…

    The following input errors were detected:

    * Sorry, we could not locate an interface with a matching subnet for 78.32.215.110/29. Please add an ip in this subnet on a real interface.



  • How is your WAN set up?
    Are you using the pfSense to authenticate the PPPoE?
    Because this would be a Problem: PPPoE WAN's are /32 IP's.
    Meaning you cannot have a CARP-Type VIP on such a WAN.

    Try using a PARP-type VIP.



  • Router 1 192.168.1.1  -> eth1 192.168.1.4 (DMZ) -> WAN1
    Router 2 192.168.10.1 -> eth2 192.168.10.4 (DMZ) -> WAN2

    I'm not using it to do pppoe.

    I tried a PARP VIP but this had the same effect of no Internet access on the computer I assigned the ip to.



  • Reboot the device in front of the ProxyARP IP or dump it's ARP cache. Often it's just an ARP issue of the device in front of you when adding/changing virtual IPs.



  • Unfortunately that didn't work either :(

    So I don't really know whats going wrong here, would it work if I used pppoe? The only issue I have with that is I can't see my modems config pages and can't check what speed on the dsl I'm getting :(



  • I am still getting this problem, I don't know if anyone can help…


Log in to reply