Public IP through WAN interface
-
Hi,
No, I haven't configured the IP:
1.2.3.5
as a vip on pfsense.
This IP is configured on a PC that I would like to protect in pfsense.
The IP address:
1.2.3.4
is the public IP assigned to the WAN interface.
Thanks.
-
sorry he misunderstood your question.
Yes I configured the IP:
1.2.3.5
as a VIP address on the WAN interface.
I configured it on the WAN public interface as "Virtual IP --> Type: IP Alias"
Thanks.
-
Your info makes no sense... Draw up what you're talking about...
You stated you have 2 IPs on pfsense wan, its IP 1.2.3.4, and then vip 1.2.3.5
After that I have no idea what you're going on about, because you then state same IP on some pc??
On pfsense I have this configuration:
Public IP interface wan: 1.2.3.4 with gateway 1.2.3.1
then I have another public ip address:
1.2.3.5
which I configured on the WAN public interface as "Virtual IP --> Type: IP Alias"
-
sorry if I haven't clearly expressed my configuration, now I'll try again ..
on pfsense i have the wan interface that has public ip:
1.2.3.4
with gateway:
1.2.3.1
then on a PC (which is behind pfsense) I have the public IP:
1.2.3.5
and i would like to pass traffic through pfsense, so i would like to protect this pc through pfsense.
If I configure on this PC the gateway IP:
1.2.3.1
the PC goes on the Internet but the traffic doesn't go through pfsense.
If on this PC I configure as a gateway:
1.2.3.4
the PC does not go to Internet.
How can I go about achieving my goal?
thank you.
-
@sasa1 said in Public IP through WAN interface:
This IP is configured on a PC that I would like to protect in pfsense.
You need to give this PC a local LAN address and use port forwarding or 1:1 NAT in order to use your VIP address.
Segregation of any publicly available PC to another LAN subnet firewalled off from accessing your primary LAN is also highly recommended. But that is the topic of another thread.
-
@chpalmer said in Public IP through WAN interface:
@sasa1 said in Public IP through WAN interface:
This IP is configured on a PC that I would like to protect in pfsense.
You need to give this PC a local LAN address and use port forwarding or 1:1 NAT in order to use your VIP address.
on the PC I would like to use the public IP and not the private IP,
is this possible?
-
You can do a 1:1 nat to the public VIP.. To the internet your machine will be the public IP, on the local network it will be the rfc1918 address.
If you want it to be directly connected to the public network... Then put it on the public network directly, or do a transparent firewall setup...
-
@johnpoz said in Public IP through WAN interface:
You can do a 1:1 nat to the public VIP.. To the internet your machine will be the public IP, on the local network it will be the rfc1918 address.
with this solution on the pc I should change the public IP to a private IP, is that so ?
If you want it to be directly connected to the public network... Then put it on the public network directly, or do a transparent firewall setup...
if I use this solution, however, can I not protect the PC by enabling only traffic on specific tcp/udp ports?
Thanks.
-
Yes the pc would be on whatever lan network you have setup on pfsense, some rfc1918 space... Then create port forwards for what traffic you want to go to this PC, or sure do a full 1:1 - but better to just forward the actual ports you want/need.
-
however in all cases the "Virtual IP" must be of the "IP Alias" type, is that so?
Thanks.
-
I have nowhere close to the amount of info about what you're trying to do... I suggest you consult
https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html
But yes normally that type is what you would use.