Passing traffic for public IP in lab

I am trying to bench setup some PFsense boxes and I need to set them to connect with their static addresses while inside my network. I vaguely recall a video covering this but I am at a loss how to pass the traffic to simulate the IP address.

Use another router with one or more LAN interfaces which each have the IP address of what the default gateway for the eventual ISP connection. So this router pretends to be the ISP for the ones you are setting up.

1 Like

You could also use a switch and give the outside interface of each pfsense an IP that is on your parent network and then NAT all traffic behind those IPs to any devices behind your pfsenses.

what @brwainer said.

Setup a pfsense instance (pfSense1) this will be the gateway between your setup gateway. It needs your normal lan on it’s WAN interface and your setup network on it’s LAN interface on the same IP range your device will eventually have. NAT from LAN to WAN on pfSense1. If you want/need to add an IP alias and static NAT that back through

setup your new / bench / test pfSense box (pfSense2) and connect it’s WAN to the LAN on pfSense1. If it’s static then give it an IP, if it needs to get it via DHCP, go back to pfSense1 and setup DHCP.

You can add additional LAN interfaces to pfSense1 for as many new boxes as you need providing you have the switchports / vlans to do so.

@garethw was just curious, in the scenario you mention with two pfsense boxes connected.

Say if pfSense1 is on 192.168.10.x then the WAN on pfSense2 is 192.168.10.x while the LAN is 10.0.10.x.

How can a client on 192.168.10.x access a device/client on 10.0.10.x ?

You add a static route for pointing to to the top router.

Previously I had two Asus routers connected with the same address range but with different subnets (I had to change the 2nd routers mode to something else - I forget now) using static routes to deal with the double NAT.

Ok thinking about it … that might work … not convinced but will try this out.

As @brwainer said (I’ve said that a couple of time this week),

It does depend a little bit on your setup but if pfsense01 is also your default GW for you main network then you just need to add a route that says 10.0.10.x is behind the ip that pfsense02 has on it’s WAN IF.

If not then you have to put the same route in on every host that needs to see it (which is a bit of a pain in the neck potentially).

ok thanks will try it out