Passing traffic for public IP in lab

I am trying to bench setup some pfSense boxes and I need to set them to connect with their static addresses while inside my network. I vaguely recall a video covering this but I am at a loss how to pass the traffic to simulate the IP address.

Use another router with one or more LAN interfaces which each have the IP address of what the default gateway for the eventual ISP connection will be. So this router pretends to be the ISP for the ones you are setting up.

You could also use a switch and give the outside interface of each pfSense an IP that is on your parent network and then NAT all traffic behind those IPs to any devices behind your pfSenses.

What @brwainer said.

Set up a pfSense instance (pfSense1); this will be the gateway between your setup gateway. It needs your normal LAN on its WAN interface and your setup network on its LAN interface on the same IP range your device will eventually have. NAT from LAN to WAN on pfSense1. If you want/need to add an IP alias and static NAT that back through

Set up your new / bench / test pfSense box (pfSense2) and connect its WAN to the LAN on pfSense1. If it's static then give it an IP; if it needs to get it via DHCP, go back to pfSense1 and set up DHCP.

You can add additional LAN interfaces to pfSense1 for as many new boxes as you need, providing you have the switchports / VLANs to do so.

@garethw was just curious, in the scenario you mention with two pfSense boxes connected.

Say if pfSense1 is on 192.168.10.x then the WAN on pfSense2 is 192.168.10.x while the LAN is 10.0.10.x.

How can a client on 192.168.10.x access a device/client on 10.0.10.x?

You add a static route for 10.0.10.0/24 pointing to 192.168.10.xyz to the top router.

Previously I had two Asus routers connected with the same address range but with different subnets (I had to change the 2nd router's mode to something else - I forget now) using static routes to deal with the double NAT.

Ok thinking about it … that might work … not convinced but will try this out.

As @brwainer said (I've said that a couple of times this week),

It does depend a little bit on your setup, but if pfsense01 is also your default GW for your main network then you just need to add a route that says 10.0.10.x is behind the IP that pfsense02 has on its WAN IF.

If not then you have to put the same route in on every host that needs to see it (which is a bit of a pain in the neck potentially).
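The routing decision discussed in the posts above, modelled as an added example (not code from any poster in this thread): a longest-prefix-match trace from a client on 192.168.10.x to a device on 10.0.10.x, with the static route placed on the default gateway, on the client, or nowhere. All concrete host addresses and the names `lookup`, `trace` and `build` are constructed for the illustration.

```python
import ipaddress

# Constructed addresses; the thread only gives 192.168.10.x and 10.0.10.x.
PF1 = "192.168.10.1"         # pfSense1 LAN address (the bench "ISP")
PF2 = "192.168.10.2"         # pfSense2 WAN address
OTHER_GW = "192.168.10.254"  # some other default gateway, not modelled
CLIENT = "192.168.10.50"
TARGET = "10.0.10.20"        # device on pfSense2's LAN
LAB_ROUTE = ("10.0.10.0/24", PF2)  # the static route from the thread

def lookup(table, dst):
    """Longest-prefix match: next-hop IP, 'direct', or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Follow next hops from src; returns (path, outcome)."""
    node, path = src, [src]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop == "direct":
            return path + [dst], "delivered"
        path.append(hop)
        if hop not in tables:          # handed to a router outside the model
            return path, "left the lab"
        node = hop
    return path, "routing loop"

def build(client_gw, route_on_pf1=False, route_on_client=False):
    """Routing tables keyed by each node's address on 192.168.10.0/24."""
    onlink = ("192.168.10.0/24", "direct")
    return {
        CLIENT: [onlink, ("0.0.0.0/0", client_gw)] + [LAB_ROUTE] * route_on_client,
        PF1: [onlink, ("0.0.0.0/0", "upstream")] + [LAB_ROUTE] * route_on_pf1,
        PF2: [onlink, ("10.0.10.0/24", "direct"), ("0.0.0.0/0", PF1)],
    }

if __name__ == "__main__":
    cases = {"no static route": build(PF1),
             "route on pfSense1 (default GW)": build(PF1, route_on_pf1=True),
             "client uses another GW": build(OTHER_GW, route_on_pf1=True),
             "route on the client itself": build(OTHER_GW, route_on_client=True)}
    for name, tables in cases.items():
        print(name, "->", trace(tables, CLIENT, TARGET))
```

The model covers routing only; the firewall rules on pfSense2's WAN interface still have to permit the traffic for the connection to succeed.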

ok thanks will try it out