Different External IPs for each subnet (PFSense)

So I have been assigned 5 IPs by my ISP, and I would like to separate my home lab and my personal networks. I have already moved my servers to other interfaces, but I would like to route traffic accordingly, so that my LAN goes out of one IP, OPT1 goes out of another, etc. I am not very familiar with networking, so I am currently unsure what I need to do. I discussed this with a user on the Discord, and they told me this would be a better place to post for help.

I have set up virtual IPs for the 4 other IPs I have been assigned and tried routing through outbound NAT, but when I do, I lose external internet on the subnet I tried this on.

I also cannot connect to the IPs externally, however I can connect internally to those IPs.

Best I can tell, it is 5 separate /24 assigned IPs, with no use of VLANs on the WAN side (as far as I know).

I’m not sure what other information you guys might need, so I’ll answer questions to the best of my ability.

You do that under outbound NAT translation:

Yes, I’ve tried this, and this is what causes me to lose internet access. I mentioned it in my OP, but maybe I wasn’t clear enough on that.

I get the goal of wanting to route out of those IPs, but what is the purpose? Also, what do you mean when you say you cannot get to those IPs externally?

So the goal is to isolate my lab from my home network, so they appear as two different networks essentially. When I set a port forward, say 80 and 443, and visit the website while connected to my local network, I can access the websites with no issue; if I am not connected to my local network, I cannot connect to the websites I was previously able to connect to.

You don’t need separate WAN IPs to isolate your networks, and NAT Reflection will let you access the public IPs from inside the network: NAT Reflection | pfSense Documentation

It’s been years since anyone asked me for a setup like this and I don’t recall what special settings beyond the NAT ones need to be set, perhaps post in their forums.

Alright, I appreciate your help Tom. I’ll go ahead and post in their forums and see if they can help me. Thinking on it, it’s definitely an odd thing I am attempting to do, but I guess it’s really an ‘I’m paying for it, I want to use it if I can’ situation.

As I’m rereading this, I realized I worded this very poorly. I am trying to separate both my home lab and my home network for a couple of different reasons, partially so that I stop getting flagged by Cloudflare; as far as I can tell it’s because I have WireGuard running (their words, not mine). I’m also trying to avoid using a single machine to route all my internal traffic, which is what I’m currently doing, and it is somewhat unreliable, so I was hoping to be able to run an instance of Zoraxy on each machine and have it route its own web traffic. But I can’t do that from a single IP, as I need both 80 and 443 open, and I can only forward each once per IP. I guess what I’m doing is a little convoluted, but it’s what I’m trying to do.
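For reference, the per-subnet outbound NAT and per-address port forwards discussed above, written out as the underlying pf rules that pfSense generates from Firewall > NAT (an added illustration, not from this thread or from pfSense’s own output). Interface names, the RFC 5737 documentation addresses and the internal host addresses are constructed for the example.

```pf
# Constructed example: what "LAN egresses from VIP A, OPT1 egresses from
# VIP B, with 80/443 published once per public address" looks like in pf.
wan      = "em0"              # assumed WAN interface name
lan_net  = "192.168.1.0/24"   # LAN (home network), constructed
opt1_net = "192.168.10.0/24"  # OPT1 (home lab), constructed
wan_ip   = "203.0.113.10"     # primary WAN address, constructed
vip_lan  = "203.0.113.11"     # IP Alias VIP for LAN traffic, constructed
vip_lab  = "203.0.113.12"     # IP Alias VIP for OPT1 traffic, constructed
home_web = "192.168.1.20"     # web host on LAN, constructed
lab_web  = "192.168.10.20"    # web host on OPT1, constructed

# Outbound NAT (hybrid mode keeps a catch-all below the manual rules).
# First matching nat rule wins, so the subnet-specific rules come first.
nat on $wan from $lan_net  to any -> $vip_lan port 1024:65535
nat on $wan from $opt1_net to any -> $vip_lab port 1024:65535
nat on $wan from any       to any -> $wan_ip  port 1024:65535

# Port forwards: each public address carries its own 80/443 pair,
# so two web hosts can both be reachable on the standard ports.
rdr on $wan proto tcp from any to $vip_lan port { 80, 443 } -> $home_web
rdr on $wan proto tcp from any to $vip_lab port { 80, 443 } -> $lab_web

# Matching WAN pass rules (pfSense adds these when "Filter rule
# association" is left at its default on the port forward).
pass in on $wan proto tcp from any to $home_web port { 80, 443 }
pass in on $wan proto tcp from any to $lab_web  port { 80, 443 }
```

A translation address only works if the firewall actually answers for it on the WAN (an IP Alias or Proxy ARP VIP on the WAN interface); otherwise outbound packets leave but the replies never come back, and the subnet mapped to that address loses connectivity.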

G’Day

This would all depend on your router’s ‘features’.

I have set up routers in .au, .uk & .nz; I typically used VLANs to segregate traffic.

You could create a framed route, or physically wire CAT6 & have different IPv4 schemes on the RJ45s, with one being 10.1 … & another 192.168 …, with a blacklist “RULE”.

You could create a DMZ for the servers.

I have set up honeypots & allowed all traffic to flow so we could capture ‘! tor’ IPs.

All or none of these are possible depending on your router 🙂

BTW, please don’t tell me the make & model of your router here.