Netgate Discussion Forum

Public IP on server interface

HA/CARP/VIPs
  • Z
    Zeon
    last edited by Aug 6, 2008, 9:06 PM

    Hi everyone,
    I'm just trying to figure out how I would go about disabling NAT for a number of public IPs I have and running these actual addresses on the actual interface cards of my servers. At the moment I am using virtual IPs, but these are less than ideal. For example, I have a /28 subnet; the first address should be the WAN interface of pfSense and the rest should be able to be configured on the NICs of a number of servers I have that are on the LAN interface (I can set up VLANs if need be).

    Thanks

    • T
      trendchiller
      last edited by Aug 6, 2008, 9:49 PM Aug 6, 2008, 9:20 PM

      Why are you not using 1:1 NAT? (Firewall -> NAT -> 1:1)

      Just map the external IP 1:1 to the internal server IP?

      • Z
        Zeon
        last edited by Aug 7, 2008, 12:38 AM

        So with 1:1 NAT, am I able to configure the interface card on my server to use the public IP? Or should I have both the external and internal IP on the one interface?

        • D
          dotdash
          last edited by Aug 7, 2008, 2:34 PM

          The easiest thing to do is to follow trendchiller's advice, add VIPs for your additional publics, and use 1-1 NAT.
          If you need to have public IPs on the servers, you would need to create a DMZ interface for your servers and bridge that interface with the WAN.

          • T
            trendchiller
            last edited by Aug 10, 2008, 8:12 PM

            Why not use 1:1 NAT with private IPs at the servers and public on pfSense and NAT them 1:1 to the servers, and for outgoing NAT use AON (Advanced Outbound NAT) and give every server its own IP, or use different gateways on pfSense for outgoing traffic from the servers?
            DMZ is also OK, but I do not understand the need to have the public IPs on the server NICs…

            • P
              podilarius
              last edited by Aug 15, 2008, 2:47 AM

              I have had this setup before, but I was not using pfSense at the time. But since I was using pf on OpenBSD, it should be close. There was no need other than all the server IPs would have had to change and there were a lot of servers. What we set up was a bridging firewall. Some call it an IP-less firewall. Either way, you are going to be filtering packets as they cross the kernel.

              As I understand it, pfSense can do this. I have not tested this, but I hear it works well. I bet there is even a doc on how to do this. We had a 24 bit subnet and all machines (even the users :-O through DHCP). If you are going to have a setup where some are NATed and some servers that are not NATed, then perhaps you need firewalls with 3 interfaces: 1 LAN, 1 WAN, and one bridged interface with the WAN and all servers on that. Then you can filter using rules based on interface.
