Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to add 5 routable IP's and assign one to a server

    Firewalling
    3
    12
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KOMK
      KOM
      last edited by

      You do it via Virtual IPs (Firewall - Virtual IP).  Add an IP Alias for every public IP address that is not your WAN.  Then you can port-forward your servers to those IPs.  Don't use 1:1 NAT unless you need to expose the entire server.  For example, if you want to provide access to a web server, do a port-forward for ports 80,443 from one of your virtual IPs to the LAN IP of the web server.

      https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses

      https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

      https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

      1 Reply Last reply Reply Quote 0
      • L
        lmartinez073
        last edited by

        Hi

        Thank you for your answer, I will be renting some VPS to some clients, I guess I need to do 1:1, do you know if is possible to configure the external IP into an internal server? like eth0 configuring by DHCP one of this externals IP?

        1 Reply Last reply Reply Quote 0
        • L
          lmartinez073
          last edited by

          witch one of this should I use?

          CARP
          Proxy ARP
          Other
          IP Alias

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Depends on how you want them to behave.

            https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses

            As for assigning public IP addresses directly to a server behind your firewall, you can't.

            You would want to talk to your upstream and get another subnet routed to an address on your /29.  You would then create an interface on pfSense with that network on it.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • L
              lmartinez073
              last edited by

              Thank you for your answer.

              Do you know how does ISP to assig the IP's to the servers?

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                What?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • L
                  lmartinez073
                  last edited by

                  I am renting a VPS and they have the external IP configured in the VPS and a internal IP, I was asking if somebody knows how some of these companies do that.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Proper routing of IP addresses to VMs.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • L
                      lmartinez073
                      last edited by

                      Could you give me some examples of routing to have the public IP locally in the VPS or a URL with the explanation?

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        Your colo provides a /29.  Call it 8.8.8.8/29

                        You configure your pfSense WAN like this:

                        Address: 8.8.8.11
                        Netmask: 255.255.255.248
                        Gateway: 8.8.8.9

                        Your colo routes the following to 8.8.8.11: 8.8.4.0/24

                        You configure OPT1:
                        Address: 8.8.4.1
                        Netmask: 255.255.255.0

                        You disable outbound NAT for OPT1

                        You tag the OPT1 network to the vswitch that's supposed to have the Real IPs for VMs.

                        VMs use 8.8.4.1 as the default gateway.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • L
                          lmartinez073
                          last edited by

                          Thank you for your answer

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.