Public IP Block
-
So we have a IP block of static IPs (74.221.216.192/27) that is static routed from the ISP to us.
ISP (/32 uplink IP) – L3 Switch(0.0.0.0/0 routed to /32) -- pfSense
pfSense WAN has a public IP from the L3 switch on a subnet I allocated to it. I also want to route a full 74.221.216.192/27 block to pfSense and assign it to a opt2 port (4 ethernet ports on this appliance) for servers to have public IPs.
Question:
- How do I add the 74.221.216.192/27 to the op2 interface?
- How do I add the 74.221.216.192/27 gateway IP of 74.221.216.193 for the servers?
- How do I route the 74.221.216.192/27 traffic to through the WAN uplink on pfsense?
- Is there any firewall rules to add these dedicated IP's to the servers?
-
So we have a IP block of static IPs (74.221.216.192/27) that is static routed from the ISP to us.
ISP (/32 uplink IP) – L3 Switch(0.0.0.0/0 routed to /32) -- pfSense
pfSense WAN has a public IP from the L3 switch on a subnet I allocated to it. I also want to route a full 74.221.216.192/27 block to pfSense and assign it to a opt2 port (4 ethernet ports on this appliance) for servers to have public IPs.
Question:
- How do I add the 74.221.216.192/27 to the op2 interface?
Interface > LAN - Static IPv4 on address 74.221.216.193 netmask /27
- How do I add the 74.221.216.192/27 gateway IP of 74.221.216.193 for the servers?
Either statically or using DHCP. Nothing magical or mystical about public, routeable addresses here. They're just IP addresses.
- How do I route the 74.221.216.192/27 traffic to through the WAN uplink on pfsense?
Set the default gateway on WAN to be the L3 switch
- Is there any firewall rules to add these dedicated IP's to the servers?
What are you asking here?
The main thing you want to do is disable outbound NAT for the public subnet. And you don't need port forwards but you still need firewall rules that pass the traffic you want passed.
-
Thanks for the response Derelict! Had a couple follow up questions.
Interface > LAN - Static IPv4 on address 74.221.216.193 netmask /27
I already have LAN set with some internal ip ranges for normal usage. I'm assuming the same can be accomplished just by using one of the other OPT ports the appliance has, and use the same settings.?
Either statically or using DHCP. Nothing magical or mystical about public, routeable addresses here. They're just IP addresses.
I believe I would just use the previous step and set the OPT interface with a static ipv4.
The WAN is already setup with the L3 switch as the gateway and using a different IP range.
As for the NAT settings i've done this:
Firewall / NAT / OutboundSet to "Manual Outbound NAT rule generation".
- I added this rule in the Manual Outbound. Anything else I would need to do?
-
Yes. Put it on an available OPTX interface.
The point is to NOT perform NAT for those addresses, Not to add a NAT rule.
