pfsense Setting Multiple Static WAN IP Addresses / Using Virtual IP's NAT Firewall Rules

Captions
Okay, this video is to explain how to assign multiple WAN IP addresses to pfSense. Here's the WAN address, here is the WAN, static IPv4. We set a static, assigned it 172.16.69.50 with a gateway of 172.16.69.1. Pretty straightforward, and they make it kind of nice because they have the gateway here, but if you ever have to change the gateway on a static, you can also go into System, Routing, and this is where your gateways show up, where you can set even multiple gateways for a system for some advanced use cases.

So you see only the one IP address here, but we've actually got two assigned already. Now where they show up is under Firewall and then Virtual IPs. So what a virtual IP is, is it's another assignment to the WAN address. That means it's gonna use the same gateway as the WAN, so the same rule sets as the WAN as far as that goes, but it is an extra IP address that is accessible. And ideally these are usually on your external side, but I received it can be used internally too if you want to assign multiple IPs internally and do other advanced routing options.

So how do you do this? Well, we're gonna edit one first and we'll create another one. So here's this one, it's called 172.16.69.151/24. It all has to be part of the same assignment given to you by the ISP. So we're pretending, because this is my lab, that the ISP gave us two different IP addresses, 150, 151. Let's make up a third one, 152. So let's go ahead and create a new one. We're gonna go here, our Virtual IPs, add, 152. Well, let's call this actually "third IP address for the WAN". It's an IP alias. Change it to match the same CIDR notation as you were assigned; mine is /24. This is obviously gonna vary with whatever your ISP has assigned to you. So whatever ranges they give to you, you set the first one as your WAN, make sure you have the gateway correct, and then set each subsequent one to make sure whatever the CIDR notation or subnetting that they handed you is, you follow along with that if you want it to work properly.

Now we're gonna apply. Now we have two addresses assigned, so we've got this one here. But as you may note, when you go back to the dashboard you only see the one IP address. So let's see actually how this plays out in the firewall and how you actually manipulate having multiple public IP addresses. Now this is actually the exact case we have here at my office. We have a block of IPs given to us, and that allows us to run all the different services even if they are using the same port, which won't work if you have only one IP. I can have port 80 open on one and port 80 open on another IP address. But let's talk about how that actually works.

So here's the rule we created from my last demo on how to do NAT port forwarding in pfSense. So we have our Linux box at 192.168.40.50, we have SSH open, we have the destination address as WAN. So we go here and we SSH to 172.16.69.150, which is our WAN IP address as you can see at the top here, and we're into our 192.168.40.50 Linux box. So pretty straightforward there. Exit.

All right, now here is the WAN address when we created the rule, but here's those other two IP address assignments, second IP there. So let's move it to 152, save, apply, and you can see 172.16.59.152. Go over here to our SSH and I'll see 150 now fails, 152 works, so now we're into that box.

Now so let's go over here and take a look at another option on here. What if you wanted all the external IPs to listen to that? Well, you can actually do that too. You just convert it to WAN address, hit save, apply, and now... I'm sorry, I chose that wrong, for those of you watching and paying attention here. I meant to choose WAN net. That means all the IPs assigned to the WAN net. Go here: 152 works, 151 works, and 150 works. So pretty straightforward here for that. It's not as likely you'll use that, but this way might be fun if you're setting up a honeypot: you can make all the external IPs across that entire WAN net and all the virtual IP assignments go there.

But generally speaking you're gonna want to do this and create these rules based on, you know, maybe you want this to run SSH and you want another server to run SSH. So if you have this server on the 151, and then 152 you wanted SSH but you want it to go to a different server, that's one of the use cases for this. We have more than one thing that runs over web protocols, so we can't reuse the same port over again for HTTP. I mean, we obviously could create a whole other set of proxies and things like that, but for simplicity reasons, if you have more than one IP address, this makes a really easy way to do it. You assign some services to one IP address, other services to another IP address, and that's really it.

So it's just Firewall, Virtual IPs, and whatever the notation is based on your ISP. So there's not a lot to it. It's just not maybe where some people expect it, because there's some people, and then some firewalls do offer this, when you do it everything's contained within the WAN, where you would actually assign all the IP addresses here. But the only thing you need to put here is the first IP and that range of your WAN, and then each subsequent IP or static assignment given to you, you assign them here on your virtual IPs.

All right, thanks, hopefully this is helpful. Thanks for watching. If you like this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details, what you liked and didn't like as well, because we love hearing the feedback. Or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and hit subscribe and the bell icon; that lets YouTube know that you're interested in notifications. Hopefully they send them, as we've learned with YouTube. Anyways, if you want to contract us for consulting services, you go ahead and hit lawrencesystems.com and you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies, and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon, we have affiliate links; you'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on lawrencesystems.com. Once again, thanks for watching and I'll see you in the next video.
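
Added example (not part of the video and not pfSense or Lawrence Systems code): a small audit of the kind of setup the transcript walks through, reporting which external IP and port pairs end up exposed, which virtual IPs do not match the WAN subnet, and which port forwards can never match. The `audit` function, the tuple layout, the extra hosts and the out-of-range alias are constructed for illustration, and top-down first-match evaluation of port forwards is an assumption of this model.

```python
import ipaddress

# Constructed lab values modelled on the walkthrough, not exported from a real firewall.
WAN_IF = ipaddress.ip_interface("172.16.69.150/24")
VIRTUAL_IPS = ["172.16.69.151/24", "172.16.69.152/24", "172.16.70.10/24"]
# (destination, external port, internal target); "WAN net" stands for the whole WAN subnet.
PORT_FORWARDS = [
    ("172.16.69.152", 22, "192.168.40.50"),
    ("172.16.69.151", 22, "192.168.40.51"),
    ("WAN net", 22, "192.168.40.50"),
    ("172.16.69.151", 80, "192.168.40.60"),
    ("172.16.69.150", 22, "192.168.40.52"),  # placed after the "WAN net" rule on purpose
]

def audit(wan_if, vips, forwards):
    """Return (misplaced VIPs, exposure map, indexes of rules that never match)."""
    held = {wan_if.ip}          # addresses the firewall answers for on the WAN side
    misplaced = []
    for vip in vips:
        iface = ipaddress.ip_interface(vip)
        # The walkthrough's rule: every alias uses the same CIDR block as the WAN.
        if iface.network != wan_if.network:
            misplaced.append(vip)
        else:
            held.add(iface.ip)
    exposure, dead = {}, []
    for idx, (dest, port, target) in enumerate(forwards):
        if dest == "WAN net":
            matched = set(held)
        else:
            matched = {ipaddress.ip_address(dest)} & held
        # Assumed first-match semantics: an earlier rule keeps the (ip, port) pair.
        new = [ip for ip in sorted(matched) if (ip, port) not in exposure]
        for ip in new:
            exposure[(ip, port)] = target
        if not new:
            dead.append(idx)    # shadowed by earlier rules, or destination not held
    return misplaced, exposure, dead

if __name__ == "__main__":
    misplaced, exposure, dead = audit(WAN_IF, VIRTUAL_IPS, PORT_FORWARDS)
    for (ip, port), target in sorted(exposure.items()):
        print(f"{ip}:{port} -> {target}")
    print("VIPs outside the WAN subnet:", misplaced)
    print("Rules that never match (by index):", dead)
```

The exposure map makes the effect of a "WAN net" destination visible: one rule opens the port on the interface address and on every alias not already claimed by an earlier rule.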
Info
Channel: Lawrence Systems
Views: 122,404
Keywords: pfsense (software), pfsense firewall rules, NAT Firewall Rules, pfsense, tutorial, pfsense firewall, nat, network, pfsense router, pfsense tutorial, pfsense setup, open source, networking, pfsense virtual ip, firewall, wan, router, firewall (software genre)
Id: JGZvJOiZ5Tg
Length: 7min 6sec (426 seconds)
Published: Mon May 21 2018