1 WAN with 32 IP ADDRESSES, bridging



  • I have multiple IP addresses assigned to virtual IPs on a single WAN.  I need to bridge one of those IP addresses to a server on the LAN.  For the life of me, I cannot figure out how to do this.
    Could someone give me an example?  Any help would be appreciated.  Thanks.



  • I believe you are looking for 1-to-1 NAT, which maps 1 Virtual IP to an internal IP. You can find it on the 1:1 tab of the NAT section.

    Any traffic destined for that virtual IP all gets redirected to the internal IP you specify.



  • Thanks, I know about 1:1 NAT, but what I need is to have that Virtual IP assigned to the interface on the server (software requirements).
    I could switch it out before the router and place it directly on the server, but I was hoping for some kind of bridging solution, so I could run everything thru pfSense.


  • LAYER 8 Netgate

    Ideally you should get your ISP to assign a /29 for your interface and route that /27 to an address on that.

    But bridging WAN can be done. What isn't working?



  • Everything is routed from the ISP… no bridging from them.

    I don't want to bridge the entire WAN, just one of the IP addresses.  I don't know how, or if it is even possible.

    I actually have 3 subnets:

    x.x.x.32/29 (1 gateway 5 usable)
    x.x.x.72/29 (1 gateway 5 usable)
    x.x.x.80/28 (1 gateway 13 usable)

    I want to assign x.x.x.35 to a server on the LAN going thru pfSense.

    Could I just put in a static route?  Hmmmm



  • I'm looking to do something similar as I have a server that needs to be NAT-less but still be behind firewall for traffic shaping purposes.

    I think it needs to be put in a DMZ.



  • @ronwbrown:

    I don't want to bridge the entire WAN, just one of the IP addresses.  I don't know how, or if it is even possible.

    I actually have 3 subnets:

    x.x.x.32/29 (1 gateway 5 usable)
    x.x.x.72/29 (1 gateway 5 usable)
    x.x.x.80/28 (1 gateway 13 usable)

    I want to assign x.x.x.35 to a server on the LAN going thru pfSense.

    You can break the x.x.x.32/29 into two /30 subnets, then assign the second of them to the LAN or DMZ interface of pfSense.

    ISP x.x.x.33 ----- x.x.x.34/30 pfSense x.x.x.37/30 ----- x.x.x.38/30 Server

    Now, since the ISP still believes that his router shares L2 segment with the whole x.x.x.32/29 subnet, you have to trick him using ProxyARP VIP x.x.x.38/32 on the WAN of pfSense that will make the server reachable from the Internet.
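
The split described in the last reply, worked through with Python's `ipaddress` module as an added example (not part of the thread). 198.51.100.32/29 is a constructed documentation prefix standing in for x.x.x.32/29, and the function names are hypothetical. It also shows that x.x.x.35 becomes the broadcast address of the first /30, which is why the server lands on x.x.x.38.

```python
import ipaddress

def plan_split(block, isp_gateway):
    """Map every address of a /29 to its role once it is split into two /30s."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(isp_gateway)
    if net.prefixlen != 29:
        raise ValueError("expected a /29")
    outer, inner = net.subnets(new_prefix=30)   # WAN side, LAN/DMZ side
    outer_hosts, inner_hosts = list(outer.hosts()), list(inner.hosts())
    if gw not in outer_hosts:
        raise ValueError("ISP gateway must be a host address of the first /30")
    roles = {}
    for sub in (outer, inner):
        # Each /30 spends two of its four addresses on network and broadcast.
        roles[str(sub.network_address)] = f"unusable: network address of {sub}"
        roles[str(sub.broadcast_address)] = f"unusable: broadcast address of {sub}"
    roles[str(gw)] = "ISP router"
    for host in outer_hosts:
        if host != gw:
            roles[str(host)] = "pfSense WAN"
    roles[str(inner_hosts[0])] = "pfSense LAN/DMZ"
    roles[str(inner_hosts[1])] = "server (needs Proxy ARP VIP /32 on WAN)"
    return roles

def proxy_arp_vips(roles):
    """Addresses the ISP router still ARPs for on the WAN segment but that sit behind pfSense."""
    return [f"{addr}/32" for addr, role in roles.items() if role.startswith("server")]

def server_can_use(roles, addr):
    """True only if addr is the host address left for the server after the split."""
    return roles.get(addr, "").startswith("server")

if __name__ == "__main__":
    # Constructed prefix: 198.51.100.32/29 stands in for x.x.x.32/29.
    plan = plan_split("198.51.100.32/29", "198.51.100.33")
    for addr in sorted(plan, key=ipaddress.ip_address):
        print(f"{addr:<16} {plan[addr]}")
    print("Proxy ARP VIPs:", proxy_arp_vips(plan))
    print(".35 usable for the server?", server_can_use(plan, "198.51.100.35"))
```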

