pfsense disabling firewall for one specific ip
-
@johnpoz I've a block of 50
-
OK good. That's a start. Now what are you trying to accomplish that requires what you are describing?
-
You have a block of 50 IPs?? so part of a /26? Seems an ODD number to give someone... And with such an odd number it's not actually routed to you... So you're just attached.
If that is the case then the solution of a switch and putting the box in front of pfsense is your best solution.
I would just use the IPs you want out of your 50 as VIPs and do 1:1 NAT to boxes behind that you want all traffic to go to.
-
@johnpoz I've multiple public IPs, I just need one local IP which I set up as ONE TO ONE NAT to bypass my firewall. I appreciate all your quick responses but it seems like it's a joke to some people. I am switching from FortiGate 900D.
-
It's not a joke but we can't figure out why you insist on doing it that way, and you refuse to explain what you're trying to do despite several requests.
-
@sbwcws said in pfsense disabling firewall for one specific ip:
ONE TO ONE NAT to bypass my firewall,
Then create an any any firewall rule - it's that simple.. there will be nothing blocked.. Just natted.
If you don't want it natted at all - then connect the device in front of your pfsense and give it your public IP..
But I am with KOM here - you have not provided any info at all as to why anyone would want/need to do such a thing. So to be honest it doesn't even pique my interest enough to think through how it could be possible, if at all.. You could always get support direct from netgate/pfsense - with such a large deployment and moving away from fortigate sounds like enterprise level shit, have to assume you have a support contract with netgate ;)
You might be able to do some hackery shit with a bridge, etc. But yeah it would be messy!
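The 1:1 NAT plus "any any" rule from the reply above, written out in pf syntax as an added illustration. This is not pfSense's generated ruleset and not the poster's configuration; the interface names and addresses are assumed (RFC 5737 documentation range for the public side, RFC 1918 for the LAN host). pf translates before it filters, so the inbound rule on WAN matches the host's private address, which is also how the pfSense GUI expects 1:1 NAT rules to be written.

```pf
# Added illustration only; interface names and addresses are assumed.
ext_if = "em0"            # assumed WAN interface
int_if = "em1"            # assumed LAN interface
pub_ip = "203.0.113.10"   # one of the public IPs, added as a virtual IP on WAN
srv    = "10.0.0.10"      # the single LAN host that should appear as pub_ip

# 1:1 NAT: bidirectional translation. Inbound traffic to pub_ip reaches srv,
# and srv's outbound traffic leaves as pub_ip.
binat on $ext_if from $srv to any -> $pub_ip

# The "any any" rule from the reply: nothing is filtered for that host,
# it is only translated. Every port on srv is reachable from the Internet.
pass in quick on $ext_if inet from any to $srv

# Scoped alternative that keeps the same NAT but passes only the services
# the host actually exposes; replies are handled by state tracking.
# pass in quick on $ext_if inet proto tcp from any to $srv port { 80 443 }
```

The two pass rules differ only in scope, which is the whole trade-off the thread is circling: 1:1 NAT by itself does not open anything, the firewall rule does, and an any/any rule reproduces "box in front of the firewall" exposure while still leaving the host behind pfSense.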
-
Thanks consider this resolved.
-
20 replies later and we still don't know what the original problem was, nor the solution used.
-
@KOM You might need to scroll up..
-
@johnpoz said in pfsense disabling firewall for one specific ip:
@sbwcws said in pfsense disabling firewall for one specific ip:
ONE TO ONE NAT to bypass my firewall,
Then create an any any firewall rule - it's that simple.. there will be nothing blocked.. Just natted.
If you don't want it natted at all - then connect the device in front of your pfsense and give it your public IP..
But I am with KOM here - you have not provided any info at all as to why anyone would want/need to do such a thing. So to be honest it doesn't even pique my interest enough to think through how it could be possible, if at all.. You could always get support direct from netgate/pfsense - with such a large deployment and moving away from fortigate sounds like enterprise level shit, have to assume you have a support contract with netgate ;)
You might be able to do some hackery shit with a bridge, etc. But yeah it would be messy!
Thanks
-
@viragomann said in pfsense disabling firewall for one specific ip:
If you want to keep it behind pfSense why don't you want to go with NAT?
If the machine should get a public IP and bypass the firewall, why don't you connect it to WAN? Do you have multiple public IPs or a public subnet?
Thanks