
Author Topic: Secondary address space on the WAN interface (different gateway)  (Read 1627 times)


Offline wmiwmi

My ISP recently allocated another IP range on our corporate Internet connection.  The new one is a public /29.  Unfortunately, it has a different gateway than my first /29 range.  So something like this...

Initial IP range: x.y.z.a/29 gateway 192.168.1.1 (but public)
New IP range:   b.c.d.e/29, gateway 10.0.0.1 (but public)

What I had expected from the ISP was an additional grant using the same gateway (not sure that that was even a reasonable expectation, but that's what I thought I'd get), so that I could add the additional IPs as VirtualIPs. Since this new range has a different gateway, I'm not sure how to do that in pfSense. The ISP says that these IPs come in on the same physical interface from them, but I'm not sure how to make use of these in pfSense. Is there a way to add a new "virtual" (?) interface on the same physical interface?

Offline Metu69salemi

« Reply #1 on: June 17, 2011, 09:26:41 am »
Proxy ARP is capable in this situation. Or, if you have multiple modems, you could create a load balancing/failover situation.

Offline wmiwmi

« Reply #2 on: June 17, 2011, 09:52:55 am »
How would I actually do it? Attached is a snip from my proxy ARP screen, but I don't see any obvious way to specify the new connection/gateway.

http://postimage.org/image/2lhonjpxg/


Offline Metu69salemi

« Reply #3 on: June 17, 2011, 02:57:12 pm »
Try to look for load balancing, there might be your answer.

Offline wmiwmi

« Reply #4 on: June 17, 2011, 03:45:10 pm »
Ok - so it works, but I'm not sure how it works. 

From the new IP range, I created a Proxy ARP entry for 1 of the new Virtual IPs (x.y.z.1/32), on the same physical interface. 
Next, I created a NAT rule forwarding HTTP traffic from x.y.z.1/32 to an internal web-server.
Then, I tried connecting externally to http://x.y.z.1 - and I saw the web-page of my web browser.

So - great, it works!  But what I'm confused about, is how it worked.  Without having the new gateway specified somehow (since the Proxy ARP entry doesn't let you add a gateway), how am I able to hit this from off-site?  Does this mean that my ISP has routed the IP to me? 

Thanks!

Offline cmb

    • Chris Buechler
« Reply #5 on: June 17, 2011, 03:53:01 pm »
You don't need the gateway; in those scenarios it's generally the same as your default gateway. A better scenario is having your ISP route that second block to you; that way you aren't wasting 3 IPs (network, broadcast and gateway addresses) out of that subnet. There's no need to assign subnets like they're doing there (it'll work, just not the best way).

Offline wmiwmi

« Reply #6 on: June 17, 2011, 04:06:08 pm »
Then how does it work?  The first IP block from my ISP had a "gatewayA" which is assigned to my physical interface.  The second grant that I got today had "gatewayB", which I'm not specifying anywhere.  I'm going through and adding each IP from that new range as Proxy ARP VirtualIPs (e.g. 1.2.3.4/32, 1.2.3.5/32, etc. instead of 1.2.3.4/29), and creating NAT rules for each, but since "gatewayB" isn't ever specified anywhere within pfSense, I'm not sure how/why it's working.

Offline cmb

    • Chris Buechler
« Reply #7 on: June 17, 2011, 04:10:00 pm »
Gateway B has the same MAC as gateway A, so it only has to use gateway A. If B were on a different router from A, you'd have issues as currently configured; in that case you'd just set it up as a second Internet connection on a separate interface (as that's what it would be).
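
A way to check the "same MAC" explanation on a real link, as an added example that is not part of the original thread: it reads `tcpdump -e -n` output captured on the WAN interface and reports whether every frame addressed to the new block arrives from gateway A's MAC. The capture lines, MAC addresses and documentation-range IPs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# One IPv4 frame as printed by `tcpdump -e -n` (link-level header included).
FRAME = re.compile(
    r"^\S+ (?P<src_mac>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype IPv4 \(0x0800\), "
    r"length \d+: \d+\.\d+\.\d+\.\d+(?:\.\d+)? > (?P<dst_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed values: gateway A's MAC (as seen in the ARP table) and the new /29.
GATEWAY_A_MAC = "00:11:22:33:44:55"
NEW_BLOCK = "198.51.100.8/29"

# Constructed capture: inbound HTTP SYN, the firewall's reply, an inbound ping.
CAPTURE_SAME = """\
10:15:01.100001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 74: 203.0.113.9.51234 > 198.51.100.9.80: Flags [S], seq 1, win 65535, length 0
10:15:01.100210 00:aa:bb:cc:dd:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.9.80 > 203.0.113.9.51234: Flags [S.], seq 1, ack 2, win 65535, length 0
10:15:02.300000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 98: 203.0.113.20 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 64
"""
# Same capture plus one frame for the new block delivered by a second router.
CAPTURE_OTHER = CAPTURE_SAME + (
    "10:15:03.000000 00:99:88:77:66:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), "
    "length 74: 203.0.113.30.40000 > 198.51.100.11.443: Flags [S], seq 1, win 65535, length 0\n"
)


def inbound_source_macs(capture, new_block):
    """Return the source MACs of frames addressed to any IP inside new_block."""
    block = ipaddress.ip_network(new_block)
    macs = set()
    for line in capture.splitlines():
        m = FRAME.match(line)
        if m and ipaddress.ip_address(m["dst_ip"]) in block:
            macs.add(m["src_mac"])
    return macs


def verdict(capture, new_block, gateway_a_mac):
    """Classify the capture: is the new block delivered by gateway A's router?"""
    macs = inbound_source_macs(capture, new_block)
    if not macs:
        return "no-traffic"  # nothing for the block was captured; no conclusion
    return "same-router" if macs == {gateway_a_mac.lower()} else "different-router"


if __name__ == "__main__":
    print(verdict(CAPTURE_SAME, NEW_BLOCK, GATEWAY_A_MAC))
    print(verdict(CAPTURE_OTHER, NEW_BLOCK, GATEWAY_A_MAC))
```

A "different-router" result corresponds to the case described in the last reply, where the second block would have to be set up as a separate Internet connection.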