pfSense incoming wan to lan (public ip)
-
3 sets of /24, so you have 762 public IPs? Are you an ISP?
-
@kiokoman no.. I'm a hosting provider.. providing VPS and dedicated servers..
This setup is for my rack in the datacenter
-
OK.. it was strange that someone with only 1 post would say something like that. Anyway, try to be more specific if you want someone to be able to help you, like how your network is actually configured; make a drawing if you can.
For example, I have 1 WAN with 8 IPs and I'm using virtual IPs.
Provide more information and someone with the necessary experience will help you eventually
Sorry but I have zero clue about TNSR
If you have TAC support you can contact them 24/7: https://www.netgate.com/support/
-
So you're going to be using TNSR?
With so many IPs I would assume they are actually routed to you.. So you would just put the different /24s you have behind pfSense.. And then just turn off NAT..
If they are not routed to you.. Then you would do it via VIPs and say 1:1 NAT..
-
@johnpoz said in Psfence incoming wan to lan (public ip):
If they are not routed to you.. Then you would do it via VIPs and say 1:1 NAT..
If they are not routed and he is using pfSense (besides being in the wrong forum section then ;)) it would be a real PITA to add all the IPs from multiple /24s as IP Aliases ;) I'd really go into discussion with my upstream ISP then to get that routed! But 3 times /24 sounds like someone is a RIPE/ARIN/whatever member and got a /22 delegation, so routing should be possible from their LIR.
-
Yeah I agree.. with so many addresses routed is the best solution.. Shit if only a /28 routed would be better ;)
But you can do 1:1 with a subnet/range - see the range/subnet example here
https://docs.netgate.com/pfsense/en/latest/book/nat/1-1-nat.html#example-ip-address-range-1-1-configuration
-
Yeaaaah... but if you're using NAT anyway you could at least use it to bring you more ease. And it's pretty easy to update/switch servers for a customer by simply re-deploying/rolling out new hardware/VMs and simply switching the external IP to the new internal one. But that's a "no" if you have strict 1:1 subnet matching ;)
-
I'm with you... It's going to be much easier to just have the networks routed to you..
-
Nothing TNSR related here. Moved to pfSense.
-
@johnpoz I think this is the best way.. thank you sir