Netgate Discussion Forum

    Public IP behind pfsense via bridge

    L2/Switching/VLANs

    • qsthensel

      Hi,
      I am using pfsense 2.4 with a simple setup with one WAN interface and a public /28 subnet.
      Various internal services within this subnet are accessible via Virtual IPs and Port Forwarding to internal IPs.
      Now I got a VPN box from a customer which needs to be assigned a public IP directly without NAT.
      I thought about realizing this via bridging as described in this scenario:
      https://docs.netgate.com/pfsense/en/latest/book/firewall/methods-of-using-additional-public-ip-addresses.html#single-ip-subnet-on-wan
      pfsense itself has IP a.b.c.2; my public gateway has a.b.c.1, configured as the default gateway on pfsense.
      I attached the box to a new interface OPT1 of my pfsense, giving it the IP a.d.c.3.
      I set up a bridge with the member ports WAN and OPT1.
      OPT1 has no IP config of its own.
      I allowed all traffic on interface OPT1.
      I allowed all traffic to a.b.c.3 on WAN.

      I suggest that now I could access a.b.c.3 from "the internet"
      That does not work.
      Doing a packet capture on OPT1, I see ARP requests for a.b.c.3 coming from the gateway a.b.c.1 without an answer.
      Doing a packet capture on the VPN box, there are no ARP requests.

      I assigned a new interface called BRIDGE with the network port bridge0 (it's my only bridge).
      I changed the system tunable net.link.bridge.pfil_bridge to 1.
      I allowed all traffic on interface BRIDGE.
      This does not work either.
      I see ARP requests from the gateway on the interface BRIDGE (and the interface OPT1) requesting a.b.c.3, but these are not answered and are not getting through to the VPN box.

      Is there anything I forgot?
      Maybe someone has a hint where I can start to analyze where the problem is?

      Best Regards

      • gravity27

        I came to this forum with almost exactly this question, although I haven't tried it, just been thinking about it.
        The only thing I can think of that's missing in your config is this: have you added the a.b.c.3 address as a virtual IP on the WAN interface?

        gr.
        tinus

        • SteveITS Galactic Empire

          If you already have NAT configured for the others, did you look into 1:1 NAT (https://docs.netgate.com/pfsense/en/latest/book/nat/1-1-nat.html) which forwards all traffic for the public IP to that private IP? Or does the VPN device actually require a public IP address in it?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.