Public IPs on a LAN



  • Hello,

    I'm trying to use my public IPs statically on my servers.  Here's my configuration right now:

    --internet--> 24.x.111.143(WAN) --> 192.168.1.1(LAN) --> Switch --> Servers(192.168.1.x)

    I'm currently using SNAT and DNAT (or 1:1 NAT to pfSense) to translate my private IPs to public IPs and vice versa.  I've recently come upon a circumstance where I now need to actually statically set my servers to their public IP address.  So instead of using 1:1 NAT I need to kill NAT once and for all and just use pfSense as a passthrough device to my servers.  Here's my idea:

    I'm given the below block of IP Addresses:
    24.x.111.143/29
    or
    24.x.111.143-151 (block of 8)

    eth0 = 24.x.111.143/32 (WAN)
    eth1 = 24.x.111.150/29 (LAN)

    Therefore, the servers would be configured:

    IP: 24.x.111.145
    Gateway: 24.x.111.150
    Mask: 255.255.248.0


    Every time I try this I can't even connect to the gateway.  Am I going in the right direction with this?  How would you guys do it?



  • You cannot have a /32 as WAN (unless you have PPPoE WAN).
    And from what you describe it seems that you just can use the 24.x.111.143/29 block.

    You could go with the "transparent bridge" approach where the pfSense has no IP out of this range.
    In fact the IP you have on the pfSense is only to manage it.
    The clients have then public IPs out of your usable range.
    They have the gateway you have now on the pfSense directly.
    --> They will not send traffic to the pfSense and pfSense will not NAT it.

    Make sure you set the correct gateway and the correct subnetmask
    (are you sure you mean 255.255.248.0? this is a /21 subnet instead of a /29 --> 255.255.255.248)

    Search the forum and the tutorials on how to set this up.
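
Added example, not part of the thread: a Python check of a server's static settings against the assigned block, covering the subnet mask question raised in the reply. The function name `check_plan` is hypothetical, and because the thread elides the second octet ("24.x"), the documentation range 198.51.100.0/24 stands in with the same last octets.

```python
import ipaddress

def check_plan(block, host, gateway, mask):
    """Return a list of problems in one server's static IP settings."""
    problems = []
    net = ipaddress.ip_network(block, strict=False)
    # A block written with host bits set does not start where it appears to.
    if str(net) != block:
        problems.append(f"block {block} is not on a /{net.prefixlen} boundary "
                        f"(it falls in {net})")
    # The network the host will treat as directly reachable, given its mask.
    seen = ipaddress.ip_interface(f"{host}/{mask}").network
    if seen.prefixlen != net.prefixlen:
        problems.append(f"mask {mask} is /{seen.prefixlen}, not /{net.prefixlen}: "
                        f"{seen.num_addresses} addresses look on-link")
    for name, text in (("host", host), ("gateway", gateway)):
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast "
                            f"address of {net}")
    return problems

# Constructed sample values: last octets, gateway and mask as written in the
# question, on the stand-in 198.51.100.0/24 prefix.
AS_POSTED = check_plan("198.51.100.143/29", "198.51.100.145",
                       "198.51.100.150", "255.255.248.0")
# Assumption: the aligned /29 that contains .145 and .150, with the /29 mask
# (255.255.255.248) given in the reply.
CORRECTED = check_plan("198.51.100.144/29", "198.51.100.145",
                       "198.51.100.150", "255.255.255.248")

if __name__ == "__main__":
    for line in AS_POSTED:
        print("as posted:", line)
    print("corrected:", CORRECTED or "no problems")
```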

