Topic: VIPs and 2 LANs

aciesler
VIPs and 2 LANs
« on: November 14, 2017, 11:24:13 am »
I am new to pfSense! I have 2.4.0 community and wondered if someone could help me understand how to have 2 LANs, each with their own unique static WAN IP. Traffic isn't expected to route between LANs. I do have 3 ports on my hardware, however I can trunk 1 NIC if that's how people want to guide me.

jimp
Re: VIPs and 2 LANs
« Reply #1 on: November 15, 2017, 10:43:29 am »
So you just want the traffic from each LAN to appear to exit from a different VIP when it leaves WAN?

You can do that easily with outbound NAT.

1. Add the VIPs if you haven't already, and make sure they work
2. Firewall > NAT, Outbound tab, set it to Hybrid mode and save.
3. Add a rule on that page for the WAN interface, match a source of the first LAN subnet, translation address is your first VIP
4. Copy that rule, change the source to your second LAN, and set the translation address to your second VIP

If you only have one VIP and want to use the WAN address for one of those, you can do that too, just set the translation addresses to be whatever you need/want.

Anything beyond that (like stopping the networks from reaching each other) is up to your local rules on their interfaces, the outbound NAT only controls what happens when their traffic exits WAN.
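One way to confirm the outbound NAT rules from the reply above are doing what was intended, as an added example that is not part of the original thread: audit the firewall's state table and flag any LAN host that left WAN from the wrong address. The subnets, VIPs, interface names and state lines are constructed, and the line layout is assumed to match what `pfctl -ss` prints for translated outbound states.

```python
import ipaddress
import re

# Assumed mapping (constructed): LAN subnet -> VIP it should leave WAN from.
EXPECTED = {
    ipaddress.ip_network("192.168.1.0/24"): ipaddress.ip_address("203.0.113.10"),
    ipaddress.ip_network("192.168.2.0/24"): ipaddress.ip_address("203.0.113.11"),
}

# Constructed sample, in the assumed `pfctl -ss` layout for NATed states:
#   <iface> <proto> <translated>:<port> (<original>:<port>) -> <dest>:<port> <state>
SAMPLE_STATES = """\
igb0 tcp 203.0.113.10:41022 (192.168.1.50:51514) -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
igb0 udp 203.0.113.11:13370 (192.168.2.20:40000) -> 198.51.100.53:53 MULTIPLE:SINGLE
igb0 tcp 203.0.113.10:60211 (192.168.2.31:49822) -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
igb1 tcp 192.168.1.50:51514 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
"""

NAT_STATE = re.compile(
    r"^\S+\s+\S+\s+(?P<xlat>[\d.]+):\d+\s+\((?P<orig>[\d.]+):\d+\)\s+->\s+[\d.]+:\d+"
)


def audit_states(text, expected=EXPECTED):
    """Return (original, seen_translation, wanted_translation) for every NAT
    state whose source LAN left WAN from an address other than its VIP."""
    mismatches = []
    for line in text.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m:
            continue  # untranslated state, e.g. the LAN-side entry
        orig = ipaddress.ip_address(m["orig"])
        xlat = ipaddress.ip_address(m["xlat"])
        for net, vip in expected.items():
            if orig in net and xlat != vip:
                mismatches.append((str(orig), str(xlat), str(vip)))
    return mismatches


if __name__ == "__main__":
    for orig, seen, wanted in audit_states(SAMPLE_STATES):
        print(f"{orig} left WAN as {seen}, expected {wanted}")
```

A mismatch like the third sample line usually means the source network on the copied rule was not changed, so the first rule or the automatic rules are translating that LAN instead.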