Netgate Discussion Forum

    Public IP Addresses Configuration LAN - WAN

      Fuquan

      Hi,

      Hopefully someone can provide some best guidance on this issue: I have a range of public IP addresses provided for our business line from the ISP. In this setup all servers have been allocated an IP address from this range with a switch in the mix also given an IP address from that same range. Now my question is if we introduce a server running pfSense to connect on the WAN facing interface of the ISP connection and then to the "switch" behind it can we assign an IP address from the same public IP address range (all have the same subnet) to the WAN interface and the LAN facing interface of the pfSense server?

      I ask as our servers connected to the switch all have public IP addresses in the same subnet and the Service Provider needs all servers having global access to be addressed from that public range of IP addresses as they provide DNS resolving. Thus, what is the best way to IP address the WAN and LAN interface of the pfSense in this scenario for it to protect everything from the switch and all connected to the switch? Kindly note we do not use any "private addressing or auto address assignments of any kind" as we have public addresses.

      Thanks
      Fuquan

        viragomann

        You may add WAN and LAN to a bridge. So pfSense has only one IP (assigned to the bridge) of your public range and the servers behind can also have an IP out of that range.

        Ensure that these Tunables (System > Advanced > System Tunables) have the correct values:
        net.link.bridge.pfil_member: 1
        net.link.bridge.pfil_bridge: 0
        So you can still set filter rules on the WAN and LAN interfaces, which work independently.

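A check for the two tunables named in the reply above, added here as an example; it is not part of the original thread or of pfSense. The function names and the sample data are assumptions, and the input format is the `name: value` lines that FreeBSD's `sysctl` prints (the `name=value` form is accepted too).

```shell
#!/bin/sh
# Added example: audit the bridge filtering tunables from the thread.
# Wanted values are the ones given in the reply:
#   net.link.bridge.pfil_member: 1   (filter on the member interfaces, WAN and LAN)
#   net.link.bridge.pfil_bridge: 0   (do not filter on the bridge interface)

# check_bridge_tunables reads sysctl output on stdin and prints one line per
# problem. Returns 0 when both tunables match, 1 otherwise. A tunable that is
# absent from the input (for example, bridge support not loaded) is reported
# as MISSING instead of being silently treated as correct.
check_bridge_tunables() {
    awk -F'[:=][ ]*' '
        BEGIN {
            want["net.link.bridge.pfil_member"] = 1
            want["net.link.bridge.pfil_bridge"] = 0
        }
        { if ($1 in want) seen[$1] = $2 }
        END {
            bad = 0
            for (n in want) {
                if (!(n in seen)) {
                    printf "MISSING %s (want %s)\n", n, want[n]
                    bad = 1
                } else if (seen[n] != want[n]) {
                    printf "MISMATCH %s is %s, want %s\n", n, seen[n], want[n]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample input (not captured from a real firewall): member
# filtering is off, so rules on the WAN and LAN tabs would not be evaluated.
sample_misconfigured() {
    printf '%s\n' \
        'net.link.bridge.pfil_member: 0' \
        'net.link.bridge.pfil_bridge: 0'
}

# On the firewall itself, from an SSH or console shell:
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge \
#       | check_bridge_tunables && echo "bridge tunables OK"
```
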
          Fuquan

          Dear viragomann,

          Thanks for the directives. I shall certainly take a look into doing so when time permits.

          Do have a pleasant weekend!
          Peace
          Fuquan

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.