    I have one WAN link into my pfsense box, and have just ordered 2 more ip's from them

    this is what they sent me
    Network ID :
    Broadcast : 
    Useable IPs : - Subnet Mask :

    i have added the two ip's under virtual IP's -  as /30

    how do i go about setting up a firewall rule to allow port 80 for example from that one public ip ?

  • You must add each of them as IP Alias.

    After that you can select them from the destination drop-town when you add port forwarding rule.

    In firewall rules you have to use internal addresses in the destination field.

    do i leave the virtual ip's in

    and aloso added the alias's

    where do i specify this alias under the nat rules ?

  • The IPs should only be add as type "IP Alias" to the WAN interface.

    Clients in the Internet will use these IPs to establish connection to your services. So in the NAT rule, when WAN interface is selected, you can choose the VIPs from the drop-town at destination instead of the WAN address.

    So i have added the additional IP's as Alias's

    now in the NAT rules where do i reflect this ?

  • No man, not that Alias! That sets only an alias name for one or multiple IPs, but doesn't assign the IP to the interface.

    Go to Firewall > Virtual IPs.Here you can add virtual IPs to interfaces.
    Select type "IP Alias", select the WAN interface and enter one of your additional public IPs and the mask and save it. Add the second one in the same way.

