Netgate Discussion Forum
    Access public IPv4s from LAN

      HrustakV

      Hi,

      I have a public /27 IPv4 subnet from my datacenter.

      I've assigned 89.x.x.222 IP to WAN, that's working properly. If I use DHCP on my servers behind the pfSense, the internet connection is working fine. But if I try to assign 89.x.x.196 from my subnet, it's not working.

      How can I access public subnet behind the FW?

      Thanks,
      H

        SteveITS Galactic Empire @HrustakV

        @hrustakv One can't use the same IP subnet on two interfaces. If you want to use public IPs on LAN you need the data center to give you an IP or a small routing subnet for your WAN. Then they route your /27 to an IP on the WAN, and pfSense will know to send those along to LAN.

        Otherwise you can use 1:1 NAT to map public IPs to private.

        Note if you have two routers you can use CARP for the WAN IP, to which they route your subnet.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          HrustakV @SteveITS

          @SteveITS Thank you for the answer.

          So, can I assign more IP addresses to the server using NAT? I want to use virtual servers on it with public IPs bound (no local IPs using port forwarding). Is it possible?

          Otherwise, we will request another IP.

          Thanks

            SteveITS Galactic Empire @HrustakV

            @hrustakv 1:1 NAT is using private IPs on LAN.

            If you want public IPs on LAN you need at least one (usually public) IP on WAN to which the data center will route them.

              HrustakV @SteveITS

              @steveits Soo, I have to request an IP from another gateway? 😅

                SteveITS Galactic Empire @HrustakV

                @hrustakv Normally one can't use the same subnet on both sides of a router, or the router won't know where to route the traffic. The exception is a bridge if you want to go down that road. Otherwise what I'm talking about is here:
                https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

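The rule stated in the reply above and in the first reply (one subnet cannot sit on both sides of the router, while a /27 routed to the WAN address works), shown as an added example that is not part of the thread. All addresses are constructed from documentation ranges, and the function names and the `wan`/`lan` keys are assumptions of this sketch, not pfSense settings.

```python
import ipaddress

def connected_interfaces(interfaces, dest):
    """Names of interfaces whose directly connected network contains dest."""
    ip = ipaddress.ip_address(dest)
    return sorted(n for n, c in interfaces.items()
                  if ip in ipaddress.ip_interface(c).network)

def check_plan(interfaces, routed_subnet=None, routed_to=None):
    """Return a list of problems; an empty list means the plan is consistent."""
    ifs = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    names = sorted(ifs)
    problems = []
    # Two interfaces in overlapping networks: the router cannot pick an egress.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifs[a].network.overlaps(ifs[b].network):
                problems.append(
                    f"{a} and {b} overlap: {ifs[a].network} / {ifs[b].network}")
    if routed_subnet is not None:
        subnet = ipaddress.ip_network(routed_subnet)
        hop = ipaddress.ip_address(routed_to)
        # The provider must route the block to the firewall's own WAN address.
        if hop != ifs["wan"].ip:
            problems.append(
                f"provider next hop {hop} is not the WAN address {ifs['wan'].ip}")
        if subnet.overlaps(ifs["wan"].network):
            problems.append(f"routed subnet {subnet} overlaps the WAN network")
        if not ifs["lan"].network.subnet_of(subnet):
            problems.append(f"LAN network {ifs['lan'].network} is outside {subnet}")
    return problems

# Constructed plans. SAME_SUBNET mirrors the question: WAN and LAN in one /27.
SAME_SUBNET = {"wan": "203.0.113.222/27", "lan": "203.0.113.193/27"}
# ROUTED: small transit network on WAN, the /27 routed to the WAN address.
ROUTED = {"wan": "198.51.100.2/30", "lan": "203.0.113.193/27"}

if __name__ == "__main__":
    print(check_plan(SAME_SUBNET))
    print(connected_interfaces(SAME_SUBNET, "203.0.113.196"))
    print(check_plan(ROUTED, "203.0.113.192/27", "198.51.100.2"))
    print(connected_interfaces(ROUTED, "203.0.113.196"))
```
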
                  Derelict LAYER 8 Netgate @HrustakV

                  @hrustakv Another document is here:

                  https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html

                  You have: Single IP Subnet on WAN

                  You want: Small WAN IP Subnet with Larger LAN IP Subnet

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    HrustakV @Derelict

                    @derelict Hmm, and what if I use "Transparent bridge"?

                      Derelict LAYER 8 Netgate @HrustakV

                      @hrustakv Up to you. I would get the service provisioned like I need it (routed subnet) if it was me.

                        HrustakV @Derelict

                        @derelict So, I got info from my ISP that they cannot assign me an extra IPv4 from another gateway. If I assign the IP to WAN, I can't use the subnet from LAN. If I assign the IP to LAN, I don't have access to the internet. Is there any other way, excluding port forwarding? Thanks.

                          HrustakV @HrustakV

                          @hrustakv I fixed the problem. I didn't have a bridge built over the WAN, only on LAN ports. :)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.