OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: TommyJay on June 29, 2017, 04:32:08 pm

Title: [SOLVED] Multiple WAN IPs on one interface
Post by: TommyJay on June 29, 2017, 04:32:08 pm

Hello all,

I'm trying to get the following situation set up, but can't seem to get it working.
I have one Opnsense VM running, using a static WAN IP x.x.x.80/26, which is the default gateway for the LAN segment. No problem so far.

Now, I'm trying to get the following working, but I can't figure out how to do it.
I have several WAN IP addresses available, x.x.x.76/26-x.x.x.80/26. What I want, is to assign an additional WAN IP to the WAN interface and have a LAN client use this IP as both an incoming and outgoing IP address.

Incoming isn't a problem, using a virtual IP for the WAN interface, but outgoing uses the default gateway (x.x.x.80).

Can someone tell me if what I'm trying to achieve is possible and if so, how?

Title: Re: Multiple WAN IPs on one interface
Post by: bartjsmit on June 29, 2017, 06:20:55 pm

Yes, you need a 1:1 NAT for this. It guarantees that the traffic is symmetrical. Firewall -> NAT -> One-to-One

Bart...

Title: Re: Multiple WAN IPs on one interface
Post by: Ciprian on June 30, 2017, 10:15:10 am

bartjsmit is right!

In addition, and as an another approach, and especially for your possible future needs when you will have to assign a range of public IPs to several machines, set an interface (opt1) to be treated as a perimeter one, meaning you will disable NAT entirely for that interface. But you have to have route in place in between you and your ISP for that range: your ISP must route any request to any of your public IPs to your WAN IP.

It depends on what your needs are...
Good luck!

Title: Re: Multiple WAN IPs on one interface
Post by: TommyJay on July 12, 2017, 12:04:36 pm

Hey guys, it's been a while since I made this post, but I want to let you know that I managed to get it working with 1:1 NAT and virtual IP's for the WAN port.

Thanks for the help!

Title: Re: Multiple WAN IPs on one interface
Post by: Ciprian on July 12, 2017, 12:08:23 pm

Great! Glad you did it and works. :)

Title: Re: [SOLVED] Multiple WAN IPs on one interface
Post by: Vin1 on July 13, 2017, 12:28:19 pm

I managed as well but only 1 internal address to 1 external Virtual Ip.
When I try to NAT the Lan subnet to the external IP the thing crashes.

Is it possible to use the virtual external ip as outgoing ip for the whole Lan subnet ?

Update:
Found the solution ! Forget 1:1 NAT !

Use NAT - Outbound with
Interface: Waninterface
Source: Lanip/subnet
Nat address: virtual external Ip

That's it !

Title: Re: [SOLVED] Multiple WAN IPs on one interface
Post by: Ciprian on July 13, 2017, 10:15:39 pm

Exactly!

I have read in my email your initial reply, without the update, and I entered here to tell you the solution. Glad you found it quickly!

Keep up the good work!