Static public IP on LAN client
-
Is it possible to have an external IP on the LAN side for a client machine?
If yes, a small howto would be appreciated. Thanks.
-
I'm not sure why you want to put an external IP address on an internal NIC. Perhaps it would help if you could explain what you're trying to do.
-
If you don't have a separate interface and at least /29 for this (plus at least /30 for your WAN), forget about it. Configure 1:1 NAT and move on.
-
I got 2 /24 blocks on the WAN side and multiple NICs.
Now how would I go about doing this? It can't be that much of a secret...
The reason for this is I have a bunch of houses on an island with Wi-Fi CPEs, and these people like to have a public IP and the CPE set to router mode so they can port forward their stuff.
-
In a nutshell:
- Take one of the /24s, put it on some OPT interface
- Now, go to outbound NAT configuration, switch either to Manual Outbound NAT, or to Hybrid NAT on 2.2.x (much better) and click Save.
- Now, you'll see a bunch of rules shown. Locate the NAT rule for your /24 containing the public IPs and delete it. Click Apply changes.
- You need proper firewall rules on that OPT to permit outbound traffic. Configure a DHCP server on that OPT interface to give out the public IPs.
- Finally, if the goal is that users will maintain their own firewall on their CPE or whatnot, go to WAN firewall rules and allow all inbound traffic to OPT (i.e., source - any, destination - OPT subnet).
You could split the other /24 and do the same, just keep some small /30 for WAN, unless you already have a separate one for that purpose.
Important note: You will want to block both inbound traffic from WAN and from OPT to the IP assigned to the OPT interface on pfSense, ports TCP 22/80/443 at least. You do not want everyone to mess with your WebGUI and hammer SSH. Be careful with the rules ordering.
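
The rule-ordering caveat in the answer above, as an added example that is not part of the original post: a simplified first-match model of the WAN and OPT rule lists, showing what happens when the allow rule sits above the management block. The addresses are constructed from the 203.0.113.0/24 documentation range, and 203.0.113.1 as the pfSense OPT address is an assumption.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation range), not from the thread.
OPT_IF_IP = "203.0.113.1"      # assumed address of pfSense itself on OPT
MGMT_PORTS = (22, 80, 443)     # SSH and WebGUI ports named in the post

def evaluate(rules, dst, port):
    """Top-down, first match wins; no match falls through to default deny.
    Simplified model: TCP only, matching on destination address and port."""
    addr = ipaddress.ip_address(dst)
    for action, net, ports in rules:
        if addr in ipaddress.ip_network(net) and (ports is None or port in ports):
            return action
    return "block"

def exposed_mgmt_ports(rules):
    """Management ports on the firewall's OPT address that a rule list passes."""
    return [p for p in MGMT_PORTS if evaluate(rules, OPT_IF_IP, p) == "pass"]

# Rules as (action, destination network, ports or None for any port).
ALLOW_TO_OPT = ("pass", "203.0.113.0/24", None)        # WAN tab: any -> OPT subnet
ALLOW_OPT_OUT = ("pass", "0.0.0.0/0", None)            # OPT tab: permit outbound
BLOCK_MGMT = ("block", "203.0.113.1/32", MGMT_PORTS)   # protect SSH and WebGUI

WAN_WRONG = [ALLOW_TO_OPT, BLOCK_MGMT]   # block is never reached
WAN_RIGHT = [BLOCK_MGMT, ALLOW_TO_OPT]
OPT_WRONG = [ALLOW_OPT_OUT, BLOCK_MGMT]  # same mistake on the OPT tab
OPT_RIGHT = [BLOCK_MGMT, ALLOW_OPT_OUT]

if __name__ == "__main__":
    for name, rules in [("WAN wrong", WAN_WRONG), ("WAN right", WAN_RIGHT),
                        ("OPT wrong", OPT_WRONG), ("OPT right", OPT_RIGHT)]:
        print(f"{name}: management ports reachable = {exposed_mgmt_ports(rules)}")
    # A customer CPE on the routed /24 stays reachable with the correct order.
    print("customer 203.0.113.50:8080 ->", evaluate(WAN_RIGHT, "203.0.113.50", 8080))
```
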
-
Thank you very much. I will give this a shot later on, on a test machine, so I don't break the production box ;D