Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best way to route this simple setup?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 794 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      elementalwindx
      last edited by

      I have 5 static ips. I need to have 1 device utilize that IP in and out. What is the best way to do this? 1:1 nat? Just go in and set that 1:1 nat and done?

      IE my.out.side.ip routes to 192.168.1.9 (my device internal ip)

      Thanks.

      This is for a VOIP phone system that is supposed to be on the edge of the network. (Trying not to put it on the edge obviously). I need the voip phone system to be as little nat'd firewalled as possible. It needs to be able to go out that public ip, and everything come in that public ip.

      1 Reply Last reply Reply Quote 0
      • M Offline
        marvosa
        last edited by

        There are multiple ways depending on what you're doing.  1-to-1 NAT will work, but if I'm not mistaken, now that IP is bound to that server and can't be used by anything else.  The fact that you only have 5 IP's to begin with, the thought of binding 20% of your static block to one device seems very aggressive to me.

        Personally, I would do this:

        • Assuming 1 static is already assigned to your WAN interface, bind the other 4 IP's to your WAN interface via IP Alias

        • Change your Outbound NAT mode to Hybrid and add an Advance Outbound NAT entry for 192.168.1.9

        • Inbound traffic would then be controlled via port forwarding

        • Outound traffic would then be translated per the outbound NAT mapping

        This would be the most efficient use of your static block.

        1 Reply Last reply Reply Quote 0
        • E Offline
          elementalwindx
          last edited by

          I might not have asked the initial question correctly.

          I have to get the pbx to use one of the public ip addresses and there has to be no interference from the pfsense unit at all (but I don't want to physically put it in front of the pfsense). I need to make it as transparent as possible though.

          Is there a way I can set up one of the extra interfaces on the pfsense to make this work?

          Maybe enable the interface, leave it with a none configuration, add it to a bridge interface, and set the pbx to the public address? Not quite sure how to do that either though.

          Is it even possible to bridge 1 public ip out of a 5 public ip subnet?

          Is it possible to make the one bridged interface transparent?

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            In normal there are three common ways to solve this out.

            • PBX like Asterisk inside of the DMZ (APU2C4, Raspberry PI,….)
            • STUN Server outside in the Internet or on the ISP side
            • SIP-ALG inside of the Router or Firewall (likes the SIP-Proxy package for pfSense)

            Asterisk VoIP
            Siproxd package
            VOIP configuration
            PBX VoIP NAT How-to

            Here are some other peoples speaking about they get it right done!
            Overview on configuring pfSense Firewall/NAT for VOIP SIP phones?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.