[SOLVED] Public ip behind pfsense
-
Hi pfSense team,
I would like to have some help to set up a range of public IPs behind pfsense.
Let's say that I have from my ISP something like xxx.xxx.xxx.xxx/24
I don't want to use any NAT technologies.
What is the best/perfect setup?
I have googled it and just found a little bit of information, but not enough to make a perfect setup.
Thank you.
-
Is this /24 routed to you?? Or did they just give you a /24 hung off their network? If it's routed to you via a transit then it's as simple as setting up any other network behind pfsense. Just turn off its outbound nat.
-
This is a more realistic sample.
Suppose ISP provides a public IP subnet 211.100.200.152/255.255.255.248
gw: 211.100.200.158
The public IP addresses we can use are between 211.100.200.153 to 211.100.200.157.
non-NAT subnet so that the server behind pfsense can use the public IP address 211.100.200.154.
-
Your ISP doesn't have a clue ::)
That subnet is terminated at their own router which means that the only way you can use public IPs on your systems and have pfSense between the systems and the ISP router at the same time is to use a filtering bridge.
-
Or set up 1 to 1 nat with vips in that range to rfc1918 behind pfsense.
That is not a routed network to you.. That is just hung off their network. The only way you can use that without natting is to bridge it like kpa mentions.
A routed network would be something like say.
211.100.200.152/30 as the transit.. where say your pfsense box is .153 with gateway of .154.. And then they routed 211.100.200.160/29 to that 211.100.200.153 address, then you could put the 211.100.200.160/29 behind pfsense without nat. Where pfsense would be say .161 on its interface and then your boxes behind would be .162 to .166 with their gateway being pfsense .161 address.
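
The distinction drawn above between a block that is on the ISP's own segment and a block routed over a transit, checked against the thread's addresses. This is an added example, not part of any post; `classify_block` and its result keys are hypothetical names, and giving the firewall the first host of a routed block is an assumption that follows the .161 example.

```python
import ipaddress

def classify_block(wan_net, isp_gw, public_block):
    """Decide how an ISP-assigned public block can sit behind the firewall.

    wan_net      - subnet configured on the firewall's WAN interface
    isp_gw       - ISP router address (must be inside wan_net)
    public_block - block of public addresses to place on servers
    """
    wan = ipaddress.ip_network(wan_net)
    gw = ipaddress.ip_address(isp_gw)
    block = ipaddress.ip_network(public_block)
    if gw not in wan:
        raise ValueError(f"gateway {gw} is not on the WAN subnet {wan}")

    hosts = list(block.hosts())
    if block.overlaps(wan):
        # The block is the WAN segment itself: the ISP router terminates it,
        # so nothing is routed to the firewall. Bridge it or NAT it.
        return {
            "mode": "on-link",
            "options": ["filtering bridge", "1:1 NAT with VIPs"],
            "usable_ips": [str(h) for h in hosts if h != gw],
        }
    # The block is separate from the transit. This only works if the ISP
    # really routes it to the firewall's WAN address; that cannot be
    # verified from the addresses alone.
    return {
        "mode": "routed",
        "options": ["own interface, outbound NAT off for this block"],
        "firewall_ip": str(hosts[0]),          # assumption: first host
        "server_ips": [str(h) for h in hosts[1:]],
    }

if __name__ == "__main__":
    # Values taken from the thread: the /29 with its gateway inside it,
    # then the /30 transit with a second /29 routed behind it.
    print(classify_block("211.100.200.152/255.255.255.248",
                         "211.100.200.158", "211.100.200.152/29"))
    print(classify_block("211.100.200.152/30",
                         "211.100.200.154", "211.100.200.160/29"))
```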
-
Thank you PFsense team
I found something else here with the setup, but it is an old post.
Will this work on 2.3.3 pfsense release? :o
https://forum.pfsense.org/index.php?topic=104528.msg582816#msg582816
Seems like the solution is to bridge
Thank you
Any further ideas/solutions will be appreciated :)
-
I wouldn't call a bridge a solution.. I would call it a work around to make it work ;) If you can not true routed network.
What are you trying to do that natting is not a solution to your problem.. Just create your vip, create your 1to1 and now just work with pfsense with normal firewall rules, etc.
-
I run several subnets behind pfsense in routed mode (no nat rules) and it works fine. Make sure the routed subnet is a different interface than your NATted LAN interface, that helps.
-
:) Nice to know that. Thank you.
-
Can you give some details on how you have your setup for that?
-
For the moment I am using the bridge solution. Not the best setup.
-
Dude you can not run the networks behind pfsense unless they are actually ROUTED TO YOU!! If they are routed to you, then you would do it just like any other network you create on pfsense.. You would just turn off nat.
-
8) Yes, you are 100% right. That is what I have just done, and it works very good.
-
What works very good? What you stated you had was a /29 that you were connected to - no networks routed to you from your statements.