[SOLVED] Multiple WAN IPs on one interface

Started by TommyJay, June 29, 2017, 04:32:08 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 29, 2017, 04:32:08 PM Last Edit: July 12, 2017, 02:55:44 PM by franco
Hello all,

I'm trying to get the following situation set up, but can't seem to get it working.
I have one Opnsense VM running, using a static WAN IP x.x.x.80/26, which is the default gateway for the LAN segment. No problem so far.

Now, I'm trying to get the following working, but I can't figure out how to do it.
I have several WAN IP addresses available, x.x.x.76/26-x.x.x.80/26. What I want, is to assign an additional WAN IP to the WAN interface and have a LAN client use this IP as both an incoming and outgoing IP address.

Incoming isn't a problem, using a virtual IP for the WAN interface, but outgoing uses the default gateway (x.x.x.80).

Can someone tell me if what I'm trying to achieve is possible and if so, how?
June 29, 2017, 06:20:55 PM #1
Yes, you need a 1:1 NAT for this. It guarantees that the traffic is symmetrical. Firewall -> NAT -> One-to-One

Bart...
June 30, 2017, 10:15:10 AM #2
bartjsmit is right!

In addition, and as an another approach, and especially for your possible future needs when you will have to assign a range of public IPs to several machines, set an interface (opt1) to be treated as a perimeter one, meaning you will disable NAT entirely for that interface. But you have to have route in place in between you and your ISP for that range: your ISP must route any request to any of your public IPs to your WAN IP.

It depends on what your needs are...
Good luck!
July 12, 2017, 12:04:36 PM #3
Hey guys, it's been a while since I made this post, but I want to let you know that I managed to get it working with 1:1 NAT and virtual IP's for the WAN port.

Thanks for the help!
July 12, 2017, 12:08:23 PM #4
Great! Glad you did it and works. :)
July 13, 2017, 12:28:19 PM #5 Last Edit: July 13, 2017, 02:44:44 PM by Vin1
I managed as well but only 1 internal address to 1 external Virtual Ip.
When I try to NAT the Lan subnet to the external IP the thing crashes.

Is it possible to use the virtual external ip as outgoing ip for the whole Lan subnet ?

Update:
Found the solution ! Forget 1:1 NAT !

Use NAT - Outbound with
Interface: Waninterface
Source: Lanip/subnet
Nat address: virtual external Ip

That's it !
July 13, 2017, 10:15:39 PM #6
Exactly!

I have read in my email your initial reply, without the update, and I entered here to tell you the solution. Glad you found it quickly!

Keep up the good work!
Print
Go Up Pages1
User actions