using 2nd public IP subnet
-
So when using Google Fiber, if you buy multiple public IPs they require you to use DHCP for the main /30 connection between your router and their service. Then they route the additional subnet (/29) to the IP on your router (from the /30). When doing this years ago on an Adtran router, you could just add IPs from that 2nd subnet as a secondary IP address on the WAN interface and that worked great (the default route to the carrier side of the /30 took care of getting it to the next hop).
With pfSense, if you don't want to route the /29 to a different physical interface and just want to use it as another WAN IP (or for port forwarding a service to a particular LAN IP etc.), how would you go about doing that on pfSense?
I've seen the virtual IP section under firewall - but it looked to me like it required those to be from within the subnet assigned to the WAN interface (in this case it is a /30 so there's really not any extra usable IPs).
For example, if my connection with the carrier hands my pfSense router a (fake) public IP of 10.10.10.2/30 (with the carrier side / gateway being 10.10.10.1) and the additional /29 block of public IPs (10.20.20.16/29) the carrier routes to the 10.10.10.2 IP (assigned to the pfSense router via DHCP). How would I set it up so I can port forward 10.20.20.17 ports 80 and 443 to my internal web server at (192.168.200.10 on the LAN)? I know those 10.x aren't actually public IPs, just trying to give an example to better explain what I'm trying to ask.
-
@gigawattx
You just need to forward the desired traffic with a port forwarding rule.
At destination select "Address or Alias" and enter your public IP into the next box. State the destination port (I use an alias for 80 and 443 to catch both with a single rule) and state the redirect target IP and port. Since the public IP is routed to the primary WAN IP, the packets destined to it arrive on the WAN and pfSense can simply forward them.
Assigning the additional public IPs as virtual IPs (IP alias) would also be possible, even if it's another subnet than the primary WAN. However, this is only necessary if you want to use one for a service running on pfSense itself.
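The port forward described in this answer, written out as a pf.conf-style sketch. This is an added example, not part of the original posts and not the ruleset pfSense generates; the interface name `em0` is an assumption, and the addresses are the thread's example values.

```pf
# Constructed sketch of the port forward from the thread.
# Assumption: em0 is the WAN interface (hypothetical name).
wan_if    = "em0"
pub_ip    = "10.20.20.17"       # address from the routed /29, not bound to any interface
web_srv   = "192.168.200.10"    # internal web server on the LAN
web_ports = "{ 80, 443 }"

# Translation: match on the destination address of packets arriving on WAN.
# The carrier routes the /29 to the WAN address (10.10.10.2), so these packets
# reach em0 without any virtual IP being configured.
rdr on $wan_if inet proto tcp from any to $pub_ip port $web_ports -> $web_srv

# Filter: rdr is applied before filtering, so the pass rule matches the
# translated (internal) destination. Only the two web ports are opened;
# every other port on the /29 stays blocked by the default deny on WAN.
pass in quick on $wan_if inet proto tcp from any to $web_srv port $web_ports flags S/SA keep state
```

Scoping the redirect to the single /29 address and the two ports keeps the rest of the routed block unexposed.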
-
@viragomann perfect - thank you for the response