Netgate Discussion Forum

Possible to have ISP Static IP's set to int, and have local IP's for devices?

    kntnt
    last edited by Oct 13, 2017, 3:37 AM Oct 13, 2017, 3:00 AM

    I have a SG-4860.
    The site's current setup:
    4 separate networks, each has its own Static IP, Lan1/lan2/lan3/lan4
    on a 4 port ISP Modem -> 4 separate Cisco residential Routers (double NAT) 5 static IP assignments from ISP
    pfsense needs to have a separate Static IP from networks, however it can share with Lan4
    Lan1 and lan2 need to forward ports to certain machines, with static IPs. This I can do.
    Lan3 has to pass PCI compliance, so a static IP, separate from Primary with no open ports is needed. This, I find difficult. Basically every computer on this switch needs to show as from one specific Static IP assigned to the interface.
    Is it possible to assign a static IP from ISP to LAN3 interface, plug a switch in, and have pfsense hand out local IPs through DHCP?
    It sounds like it has to have a router behind it?
    I hope that makes sense.
    I would like to avoid double NAT, but is that what needs to happen?

      yyaghi
      last edited by Oct 21, 2017, 12:46 AM

      Hi,

      I actually have that accomplished. So, from what I understand…you have 4 internal networks and Multiple WAN IPs. What you want is for the clients connected to a switch on one of the LANs to leave from a specific Public IP. That is possible.

      So, first thing you need is to set up virtual IPs. One for every Public IP. In the description, give it a meaningful name.
      Once that is done, go to Firewall -> NAT -> Outbound NAT.

      I personally have "Hybrid Outbound NAT" selected. Select that and hit save. Now, what you need to do is scroll down to the mappings on that same page and add the new rule.
      For Interface: WAN
      For Source - Select the type "Network" and then the Source IP (IP of LAN with the subnet /24 if you're using the whole subnet)
      Destination: Any

      Then in the translation select the Address (which is the Public IP you want the traffic to leave from) and then hit save!

      Make sure to apply the settings and check the public IP from any of the clients on that switch and it should show that!

        yyaghi
        last edited by Oct 21, 2017, 12:52 AM

        Oh, and I forgot to mention…you need to move that rule above the regular rules so that it is used instead of the others. What I did was move it right below the other rules that are for other networks to send traffic out. You want to make sure it's above the rule that allows that 1 interface to just leave through the primary IP. Just drag and drop.

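The ordering point from the last reply, as an added example (not code from the thread or from pfSense): a small Python model of top-down, first-match outbound NAT evaluation that reports which mapping would shadow the dedicated LAN3 mapping. The addresses, rule descriptions and dictionary layout are constructed for illustration.

```python
import ipaddress

# Constructed values (RFC 1918 / RFC 5737 ranges), not taken from the thread.
LAN3 = "192.168.3.0/24"
LAN3_PUBLIC = "203.0.113.13"  # virtual IP reserved for LAN3
PRIMARY = "203.0.113.10"      # primary WAN address

CATCH_ALL = {"descr": "All LANs via primary IP", "interface": "wan",
             "source": "192.168.0.0/16", "target": PRIMARY}
LAN3_RULE = {"descr": "LAN3 via dedicated IP", "interface": "wan",
             "source": LAN3, "target": LAN3_PUBLIC}

MISORDERED = [CATCH_ALL, LAN3_RULE]  # broad rule sits above the LAN3 rule
CORRECTED = [LAN3_RULE, CATCH_ALL]   # LAN3 rule moved up


def egress_ip(rules, client_ip, interface="wan"):
    """Translation address of the first rule that matches the client."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule["interface"] == interface and addr in ipaddress.ip_network(rule["source"]):
            return rule["target"]
    return None  # no mapping matched


def shadowing_rule(rules, network, expected, interface="wan"):
    """Description of the first rule that sends part of `network` out of an
    address other than `expected`, or None if the network is fully claimed
    by a correct rule first."""
    net = ipaddress.ip_network(network)
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        if rule["interface"] != interface or not src.overlaps(net):
            continue
        if rule["target"] != expected:
            return rule["descr"]
        if net.subnet_of(src):
            return None
    return "no rule covers the whole network"


if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, egress_ip(rules, "192.168.3.50"),
              shadowing_rule(rules, LAN3, LAN3_PUBLIC))
```

Running the same check against an export of the real mappings before a PCI scan confirms that no broader rule above the LAN3 entry sends that segment out through the primary address.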