Topic: Separate WAN Subnet for multiple IP addresses.

Offline jbryant84

Separate WAN Subnet for multiple IP addresses.
« on: April 21, 2017, 09:42:56 PM »
I hope I'm welcome here. I found this site from the pfSense group on FB, and thought this would be better posted here rather than in that group. This is more of a general networking question rather than specifically pfSense.

Some ISPs use a WAN/LAN separate subnet setup for multiple usable IP addresses. So for instance, 71.159.213.195 is the WAN subnet, with 1x usable IP address of 71.159.213.196. The LAN subnet is 71.159.214.150-155.

We use pfSense virtualized in ESXi, so we currently use two pfSense installs as follows to accomplish this. We make a WAN NIC and plug it into the ISP's device, and it goes to 1 pfSense install that we've disabled NAT on, so it's a dumb router set up as follows: 71.159.213.195 WAN GW, 71.159.213.196 WAN IP. The "dumb router" pfSense install then has a LAN IP of 71.159.214.150, and that interface is on a vSwitch in ESXi with a second pfSense install's WAN interface; it does NAT for the rest of our equipment. The vSwitch is also on a physical NIC on the host that then goes to a SonicWall, or whatever else needs a static IP not behind NAT (or to a real switch, if there are multiple devices needing IPs). Anything else can plug into that, and use the 71.159.213.151-155 usable IP addresses with 71.159.213.150 as the gateway.

Once configured, it all functions fine. My question is, is it possible to do this on a single pfSense install? I have tried to add an OPT1 interface, and everything can connect to the internet, but it's double NAT.

Offline Edd Noman

Re: Separate WAN Subnet for multiple IP addresses.
« Reply #1 on: April 22, 2017, 05:04:40 PM »
I'm trying to follow your setup there, and I get lost as to why you have configured it this way. What is the overall issue / solution you are trying to set up?

Without knowing your full layout, it sounds to me like your issue is with the ESXi network / vSwitch configuration, possibly also hardware related, as when you are running pfSense as a VM the WAN port should be passed through directly to that machine.

Offline jbryant84

Re: Separate WAN Subnet for multiple IP addresses.
« Reply #2 on: April 22, 2017, 10:29:46 PM »
Everything works fine. Just trying to consolidate everything onto one pfSense VM.

Offline Edd Noman

Re: Separate WAN Subnet for multiple IP addresses.
« Reply #3 on: April 24, 2017, 02:59:24 PM »
Yes, without any information on why you have a separate edge router in front of your NAT router, you could merge these into one unit.