Public IP Addresses Configuration LAN - WAN



  • Hi,

    Hopefully someone can provide some best guidance on this issue: I have a range of public IP addresses provided for our business line from the ISP. In this setup all servers have been allocated an IP address from this range with a switch in the mix also given an IP address from that same range. Now my question is if we introduce a server running pfSense to connect on the WAN facing interface of the ISP connection and then to the "switch" behind it can we assign an IP address from the same public IP address range (all have the same subnet) to the WAN interface and the LAN facing interface of the pfSense server?

    I ask as our servers connected to the switch all have public IP addresses in the same subnet and the Service Provider needs all servers having global access to be addressed from that public range of IP addresses as they provide DNS resolving. Thus, what is the best way to IP address the WAN and LAN interface of the pfSense in this scenario for it to protect everything from the switch and all connected to the switch? Kindly note we do not use any "private addressing or auto address assignments of any kind" as we have public addresses.

    Thanks
    Fuquan



  • You may add WAN and LAN to a bridge. So pfSense has only one IP (assigned to the bridge) of your public range and the servers behind can also have an IP out of that range.

    Ensure that these Tunables (System > Advanced > System Tunables) have the correct values:
    net.link.bridge.pfil_member: 1
    net.link.bridge.pfil_bridge: 0
    So you can still set filter rules on the WAN and LAN interfaces, which work independently.
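
A check for the two tunables named in the reply above, added here as an example and not part of the original thread: it reads `sysctl` output in its `name: value` form and reports any tunable that is missing or differs from the values given. The function name `check_bridge_pfil` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Values taken from the reply above (System > Advanced > System Tunables).
EXPECTED="net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0"

# check_bridge_pfil (hypothetical helper): reads "name: value" lines on stdin,
# prints one status line per expected tunable, and returns 0 only if every
# tunable is present with the expected value.
check_bridge_pfil() {
    input=$(cat)
    rc=0
    for pair in $EXPECTED; do
        name=${pair%%=*}
        want=${pair#*=}
        # Exact match on the tunable name; the last occurrence wins.
        got=$(printf '%s\n' "$input" |
              awk -F': *' -v n="$name" '$1 == n { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING $name (want $want)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name is $got (want $want)"
            rc=1
        else
            echo "OK $name = $got"
        fi
    done
    return $rc
}

# Constructed sample input (not captured from a real system): filtering is
# enabled on the bridge interface itself, which the reply says to turn off.
SAMPLE="net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 1"

printf '%s\n' "$SAMPLE" | check_bridge_pfil || true

# On the firewall itself, feed it the live values instead:
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge | check_bridge_pfil
```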



  • Dear viragomann,

    Thanks for the directives. I shall certainly take a look into doing so when time permits.

    Do have a pleasant weekend!
    Peace
    Fuquan