Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configure virtual IP Pfsense at OVH

    HA/CARP/VIPs
    2
    6
    3.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jef00
      last edited by jef00

      Dear members,

      Recently we got an ovh dedicated server where we have installed pfsense. The server runs on ESXI vmware. The intention is that the pfsense vm gets a WAN interface with a public IP, this works we have tested this. In addition, we have a LAN interface that distributes private ipadresses.

      What we want to do is that we assign a public IP to a vm host with a web server, so that when we approach the pubic IP via the web browser we get to the vm with the webserver, after research we find out that we have to configure a virtual IP in pfsense

      Our question is therefore how to assign the virtual ip, since at ovh an IP address is linked to a MAC address. In the web portal of ovh you must assign an IP to a MAC address and then the MAC address in ESXI at network settings of the VM

      IP information:

      1. WAN interface = 52.72.XX.XX.
      2. LAN interface = 192.168.1.0/24
      3. Virtual IP interface = 51.71.XX.XX. to the web server vm

      hopefully you can help us

      Sincerely,
      Jeffrey

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        OVH sucks for that. Ask them for a subnet routed to a small interface address and you can do whatever you like.

        That, or 1:1 NAT to private IP addresses on the inside.

        I, personally, would never host at OVH. Their service is apparently designed to place something like cpanel/plesk server right on their interface, not behind a router.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • J
          jef00
          last edited by

          @Derelict Thank you for your answer!

          Can you help us to configure 1:1 NAT to private IP ?
          0_1543691654447_Knipsel.PNG
          we have set the settings like image above are these settings correct?
          and have we to configure virtual ip?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by Derelict

            Yes, with OVH (or any provider that puts the address on the interface instead of routing them to you as they should) you need to configure a virtual IP address that will respond to ARP.

            I would suggest an IP Alias type. you will put that address in the External Subnet IP field.

            Then your firewall rules will need to pass traffic to the inside address (192.168.1.101).

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • J
              jef00
              last edited by

              @Derelict Thank you

              So now if we go to the 51.75.xx.145 address we got de pfsense login page and if we go to the 51.75..xx.144 address we got the same this should be correct right?

              the firewall rules
              0_1543692417284_Knipsel.PNG

              is this correct?

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                No idea you are obfuscating too much to see what you're actually doing.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.