Netgate Discussion Forum
    Routed /29 subnet from ISP and exposing services to internet

    General pfSense Questions
    • jkmuk

      I get a /29 routed subnet from my ISP (UNO UK, if that helps), which I have assigned to a dedicated DMZ interface on pfSense. There are NO hosts directly attached to the IPs on this interface.

      I want to use one of the IP addresses in the DMZ as a public LoadBalancer IP for some HTTP/HTTPS services.

      Below is what I have done (and it doesn't work).

      Setup Load Balancer

      • Server pool with three internal IPs, say on the 10.10.0.0/16 subnet
      • Created a VIP on another interface as an internal load-balancing IP, say 192.168.10.10

      With the DNS pointed to this LB IP address, it is all fine. I can reach the three server nodes and do stuff. I am trying to get HTTP-01 validation working for SSL certificates on these nodes, and this will mean I need to set up a public IP address for this service.

      I set up the following

      1. Manual NAT and removed the rules that NATed my Routed Public /29 segment
      2. Port forwarded 80 and 443 on my public IP to the internal Load Balancer IP (192.168.10.10)
      3. Created an outbound rule to NAT 192.168.10.10 to my public IP of the service
      4. Necessary firewall rules to allow traffic on the WAN interface

      Problem:

      The HTTP/HTTPS requests seem to be answered by the nginx on the pfsense firewall and not being forwarded to the load balancer. The Load Balancer does not seem to receive this request and the firewall logs don't show any rejection.

      Is this the right setup? Can someone suggest how a /29 subnet is normally set up in pfSense for exposing internal services to the internet?

      • johnpoz LAYER 8 Global Moderator @jkmuk

        @jkmuk said in Routed /29 subnet from ISP and exposing services to internet:

        how a /29 subnet is normally set up in pfSense for exposing internal services to the internet?

        By actually just routing it, i.e. you put this /29 on an interface connected on your LAN side of pfSense and just add firewall rules to allow inbound and outbound traffic.

        That is how you would normally do it. Since your question really has nothing to do with that and you're NATing to private IPs, your question should be in the load balancing section, since that is what your question is about.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.