The pfSense Store

Author Topic: IP aliases for the whole subnet  (Read 974 times)

0 Members and 1 Guest are viewing this topic.

Offline thoiz_vd

  • Newbie
  • *
  • Posts: 6
    • View Profile
IP aliases for the whole subnet
« on: May 15, 2012, 09:10:22 am »
I have a problem that I think can be solved using (a combination of) NAT/routing, but I'm not sure how to.

Currently I have a pfSense router that has a LAN1 interface (192.168.0.254) with it and all connected hosts being in the subnet 192.168.0.0/24. I would like to make both the router and all of the hosts available under a second IP range 192.168.1.0/24. Each IP 192.168.1.x should map to 192.168.0.x. By doing this, pinging 192.168.1.x (from any host!) should trigger a reply from host 192.168.0.x, apparently coming from 192.168.1.x.

To give you a sense of what this is for: not all of the hosts on my network (printers for example) allow for setting an IP alias and yet I need them to be reachable on two IPs in different subnets.

Thanks for any help. :)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: IP aliases for the whole subnet
« Reply #1 on: May 15, 2012, 10:59:08 am »
1:1 NAT can cover an entire subnet in one NAT statement, and may do what you want (especially if you enable the 1:1 reflection options under System > Advanced, Firewall/NAT tab)
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline thoiz_vd

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: IP aliases for the whole subnet
« Reply #2 on: May 15, 2012, 01:35:09 pm »
Generally this seems to work from within my network. However, I'm not able to use this new subnet in a VPN setup. For example, I created some 192.168.2.0/24 on the other side. Pinging any of the addresses there from 192.168.0.x does not trigger the 192.168.1.0/24<->192.168.2.0/24 tunnel to be established.

Offline podilarius

  • Hero Member
  • *****
  • Posts: 1768
    • View Profile
Re: IP aliases for the whole subnet
« Reply #3 on: May 15, 2012, 01:45:29 pm »
Why go through all that trouble, just change the network to 192.168.0.0/23. This will open up both 192.168.0 and 192.168.1 to be in the same network. Hitting it from 192.168.2.x/24 will open the tunnel.
With OpenVPN, you will have to push a route if you are going to a separate subnet.

Offline thoiz_vd

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: IP aliases for the whole subnet
« Reply #4 on: May 15, 2012, 02:03:04 pm »
The purpose of the operation is to be able to have two VPNs between location A and B simultaneously. Therefore the subnets need to be different. If VPN1 connecting subnet A1 and B1 is down, then the same hosts will be able to connect over VPN2 connecting subnets A2 and B2.