
    [SOLVED] Public ip behind pfsense

    • N
      nelioromao last edited by

      Hi pfSense team,

      I would like some help setting up a range of public IPs behind pfSense.
      Let's say that I have from my ISP something like xxx.xxx.xxx.xxx/24

      I don't want to use any NAT technologies.

      What is the best/perfect setup?
      I have googled it and only found a little bit of information, but not enough to make a perfect setup.

      Thank you.

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Is this /24 routed to you? Or did they just give you a /24 hung off their network? If it's routed to you via a transit, then it's as simple as setting up any other network behind pfSense. Just turn off its outbound NAT.

        • N
          nelioromao last edited by

          This is a more realistic sample:

          Suppose the ISP provides a public IP subnet 211.100.200.152/255.255.255.248
          gw: 211.100.200.158

          The public IP addresses we can use are between 211.100.200.153 and 211.100.200.157.

          Non-NAT subnet, so that the server behind pfSense can use the public IP address 211.100.200.154.

          • K
            kpa last edited by

            Your ISP doesn't have a clue  ::)

            That subnet is terminated at their own router which means that the only way you can use public IPs on your systems and have pfSense between the systems and the ISP router at the same time is to use a filtering bridge.

            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              Or set up 1 to 1 NAT with VIPs in that range to RFC1918 behind pfSense.

              That is not a routed network to you. That is just hung off their network. The only way you can use that without NATting is to bridge it like kpa mentions.

              A routed network would be something like, say:

              211.100.200.152/30 as the transit, where say your pfSense box is .153 with gateway of .154. And then they routed 211.100.200.160/29 to that 211.100.200.153 address; then you could put the 211.100.200.160/29 behind pfSense without NAT. Where pfSense would be say .161 on its interface and then your boxes behind would be .162 to .166 with their gateway being pfSense's .161 address.
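
The difference between the two layouts discussed above (the /29 hung off the ISP router versus a /30 transit with a separately routed /29) can be checked from the addressing alone. This is an added example, not part of the original posts; the function name `plan_public_block` and its result keys are hypothetical, and the "routed" result assumes the ISP really has installed the route.

```python
import ipaddress

def plan_public_block(wan_if, gateway, block):
    """Classify a public block as on-link or routed and derive the address plan.

    wan_if  -- address/prefix configured on the pfSense WAN, e.g. "a.b.c.d/29"
    gateway -- ISP next hop on the WAN subnet
    block   -- public prefix whose addresses should sit behind pfSense
    """
    wan = ipaddress.ip_interface(wan_if)
    gw = ipaddress.ip_address(gateway)
    blk = ipaddress.ip_network(block)
    if gw not in wan.network or gw == wan.ip:
        raise ValueError("gateway must be another host on the WAN subnet")

    if blk.overlaps(wan.network):
        # The block is the subnet the ISP router itself sits in: the router
        # ARPs for every address directly, so nothing can be routed "behind"
        # pfSense. Only bridging or 1:1 NAT with VIPs remains.
        usable = [str(h) for h in wan.network.hosts() if h != gw]
        return {"mode": "on-link", "usable": usable,
                "options": ["filtering bridge", "1:1 NAT with VIPs"]}

    # Block is distinct from the transit subnet. Assumption: the ISP has
    # installed a route for it pointing at the pfSense WAN address; that
    # cannot be verified from addressing alone.
    hosts = [str(h) for h in blk.hosts()]
    return {"mode": "routed",
            "isp_route": f"{blk} via {wan.ip}",
            "pfsense_ip": hosts[0],
            "clients": hosts[1:],
            "client_gateway": hosts[0],
            "outbound_nat": False}

# Constructed inputs taken from the two layouts discussed in the thread.
ON_LINK = plan_public_block("211.100.200.153/29", "211.100.200.158",
                            "211.100.200.152/29")
ROUTED = plan_public_block("211.100.200.153/30", "211.100.200.154",
                           "211.100.200.160/29")

if __name__ == "__main__":
    for name, plan in (("on-link", ON_LINK), ("routed", ROUTED)):
        print(name, plan)
```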

              • N
                nelioromao last edited by

                Thank you, pfSense team.

                I found something else here with the setup, but it is an old post.
                Will this work on the pfSense 2.3.3 release? :o

                https://forum.pfsense.org/index.php?topic=104528.msg582816#msg582816

                Seems like the solution is to bridge.

                Thank you.
                Any further ideas/solutions will be appreciated :)

                • johnpoz
                  johnpoz LAYER 8 Global Moderator last edited by

                  I wouldn't call a bridge a solution. I would call it a workaround to make it work ;) If you can not get a true routed network.

                  What are you trying to do that NATting is not a solution to your problem? Just create your VIP, create your 1to1 and now just work with pfSense with normal firewall rules, etc.

                  • T
                    TeknikL last edited by

                    I run several subnets behind pfSense in routed mode (no NAT rules) and it works fine. Make sure the routed subnet is on a different interface than your NATted LAN interface; that helps.

                    • N
                      nelioromao last edited by

                      :) Nice to know that. Thank you.

                      • Can you give some details on how you have set that up?

                      • For the moment I am using the bridge solution. Not the best setup.

                      • johnpoz
                        johnpoz LAYER 8 Global Moderator last edited by

                        Dude you can not run the networks behind pfsense unless they are actually ROUTED TO YOU!!  If they are routed to you, then you would do it just like any other network you create on pfsense.. You would just turn off nat.

                        • N
                          nelioromao last edited by

                          8) Yes, you are 100% right. That is what I have just done, and it works very well.

                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            What works very good? What you stated was that you had a /29 that you were connected to - no networks routed to you, from your statements.
