5 Public IPs and 1 WAN interface

riaano

Hi all,

I searched all over and could not find a post that pertains to my situation….
So if this is a duplicate post i really do apologize....
We just received our fibre broadband and the ISP gave us 5 public ips.

my set up  looks something like this :

Fibre  / Internet ----> Router (192.168.0.1/24) ------> pfsense 2.0.1 (10.0.0.1/8) ------> network (10.0.0.0/8)

Now 1st off...only when my wan interface is on DHCP do i have internet access (i have tried multiple combinations )
2nd - im assume it's not as simple as doing a NAT to say source address : xxx.xxx.xxx.xxx (public ip) and destination : yyy.yyy.yyy.yyy (local pc ip)

Can someone please point me to a tutorial for NAT with multiple public ips on 1 wan interface (and if possible the static ip wan interface)

Feeling really stupid....

Thanks,

chpalmer

Create a VIP for each of the public IP addresses.  Then 1:1 NAT to the intended devices on your LAN.

Ive never done a public IP on the WAN when the primary address is a private space address though so someone else will have to comment or you will have to experiment.

chpalmer

Also- there are alternative language forums lower in the list.  I assume you speak French so I will link it here…

http://forum.pfsense.org/index.php/board,7.0.html

In case that helps you better..    :)

riaano

Hi,

Thanks chpalmer for the reply, i am actually Afrikaans, but English is my second language :)

I figured out how to get internet access via static ip address :)  so that part i got sorted.

What type of VIP do i create for public ips ?

I would like to confirm :

Once i created the VIPs, the nat 1:1 will look like this :
External IP : Public IP / Virtual IP
Internal IP : IP of pc it needs to be forwarded to
Destination IP : blank

Thanks,

cmb

Your 1:1 NAT description is correct.

Info on VIPs here:
http://doc.pfsense.org/index.php?title=What_are_Virtual_IP_Addresses%3F

chpalmer

Sorry-  I meant to post that language post on another thread..    ::)  I was wondering where it went…

;D

cmb

@chpalmer:

Sorry-  I meant to post that language post on another thread..    ::)   I was wondering where it went…

;D

I was wondering where the comment came from. ;D Seemed to be perfectly fluent in English to me.

riaano

Thanks for all the replies,

Finally they setup my router correctly today and now 1 of my 5 public / external ips is my WAN address. NAT also needed to be disabled on the router.
Then i setup the remaining 4 public / external ips as VIP (Proxy ARP) and just did normal NAT port forward and it works like a charm  ;D
No NAT 1:1 needed ;D

Thanks everyone !