How to use public IPs in the case of two ISPs when the two differ from each other
Posted by user1471995 on Server Fault
Published on 2012-06-21T12:07:50Z
networking
|pfsense
Please bear with my long explanation, but this is important to explain the actual problem. Please also pardon my knowledge of pfSense, as I am new to this.
I have a single pfSense box with 3 Ethernet adapters. Before moving to the configuration for these, I want to let you know I have two Ethernet-based Internet leased-line connections; let's call them ISP A and ISP B. The last interface is LAN, which is connected to a network switch.
Typical network diagram
ISP A ----->
PFSense ----> Switch ---- > Servers
ISP B ----->
ISP A (Initially Purchased)
WAN IP:- 113.193.X.X /29
Gateway IP :- 113.193.X.A
and 4 other usable public IPs in the same subnet (so the gateway for those IPs is also the same).
ISP B (Recently Purchased)
WAN IP:- 115.115.X.X /30
Gateway IP :- 115.115.X.B
and 5 other usable public IPs in a different subnet (so the gateway for those IPs is different); for example, if 115.119.X.X2 is one of the IPs from that list, then the gateway for this IP is 115.119.X.X1.
Configuration for 3 Interfaces
Interface : WAN
Network Port : nfe0
Type : Static
IP Address : 113.193.X.X /29
Gateway : 113.193.X.A
Interface : LAN
Network Port : vr0
Type : Static
IP Address : 192.168.1.1 /24
Gateway : None
Interface : RELWAN
Network Port : rl0
Type : Static
IP Address : 115.115.X.X /30 (I am not sure of the subnet)
Gateway : 115.115.X.B
To use public IPs from ISP A, I have done the following steps:
a) Created a Virtual IP using either ARP or IP Alias.
b) Using Firewall: NAT: Port Forward, I have created specific natting from one public IP to my internal LAN private IP, for example:
WAN TCP/UDP * * 113.193.X.X1 53 (DNS) 192.168.1.5 53 (DNS)
WAN TCP/UDP * * 113.193.X.X1 80 (HTTP) 192.168.1.5 80 (HTTP)
WAN TCP * * 113.193.X.X2 80 (HTTP) 192.168.1.7 80 (HTTP)
etc.,
c) The current state of Firewall: NAT: Outbound is Manual, and only whatever default rules are defined for the WAN are present.
d) If this section is relevant: under Firewall: Rules, on the WAN tab, the following default rules have been generated.
* RFC 1918 networks * * * * * Block private networks
* Reserved/not assigned by IANA * * * * * *
To use public IPs from ISP B, I have done the following steps:
a) Created a Virtual IP using either ARP or IP Alias.
b) Using Firewall: NAT: Port Forward, I have created specific natting from one public IP to my internal LAN private IP, for example:
RELWAN TCP/UDP * * 115.119.116.X.X1 80 (HTTP) 192.168.1.11 80 (HTTP)
c) The current state of Firewall: NAT: Outbound is Manual, and only whatever default rules are defined for the RELWAN are present.
d) If this section is relevant: under Firewall: Rules, on the RELWAN tab, the following default rules have been generated.
* RFC 1918 networks * * * * *
* Reserved/not assigned by IANA * * * * * *
The last thing before my actual query is to make you aware that, to have a multiple-WAN setup, I have done the following steps:
a) Under System: Gateways, on the Groups tab, I have created a new group as follows:
MultipleGateway WANGW, RELWAN Tier 2,Tier 1
Multiple Gateway Test
b) Then under Firewall: Rules, on the LAN tab, I have created a rule for internal traffic as follows:
* LAN net * * * MultipleGateway none
c) This setup works: if I unplug the first ISP, traffic starts routing using ISP 2, and vice versa.
Now my main query and problem is that I am not able to use the public IP addresses allocated by ISP B. I have tried many small tweaks but was not successful with any of them. The notable differences between the two ISPs are:
a) In the case of ISP A, their usable public IP addresses are on the same subnet, so the gateway used for the WAN IP is the same for the other public IP addresses.
b) In the case of ISP B, their usable public IP addresses are on a different subnet, so obviously the gateway IP for them is different from the WAN gateway's IP.
Please let me know how to use ISP B's usable public IP addresses; in future I am also going to rely on ISP B only for more IPs.