Configure virtual IP Pfsense at OVH



  • Dear members,

    Recently we got an ovh dedicated server where we have installed pfsense. The server runs on ESXI vmware. The intention is that the pfsense vm gets a WAN interface with a public IP, this works we have tested this. In addition, we have a LAN interface that distributes private ipadresses.

    What we want to do is that we assign a public IP to a vm host with a web server, so that when we approach the pubic IP via the web browser we get to the vm with the webserver, after research we find out that we have to configure a virtual IP in pfsense

    Our question is therefore how to assign the virtual ip, since at ovh an IP address is linked to a MAC address. In the web portal of ovh you must assign an IP to a MAC address and then the MAC address in ESXI at network settings of the VM

    IP information:

    1. WAN interface = 52.72.XX.XX.
    2. LAN interface = 192.168.1.0/24
    3. Virtual IP interface = 51.71.XX.XX. to the web server vm

    hopefully you can help us

    Sincerely,
    Jeffrey


  • Netgate

    OVH sucks for that. Ask them for a subnet routed to a small interface address and you can do whatever you like.

    That, or 1:1 NAT to private IP addresses on the inside.

    I, personally, would never host at OVH. Their service is apparently designed to place something like cpanel/plesk server right on their interface, not behind a router.



  • @Derelict Thank you for your answer!

    Can you help us to configure 1:1 NAT to private IP ?
    0_1543691654447_Knipsel.PNG
    we have set the settings like image above are these settings correct?
    and have we to configure virtual ip?


  • Netgate

    Yes, with OVH (or any provider that puts the address on the interface instead of routing them to you as they should) you need to configure a virtual IP address that will respond to ARP.

    I would suggest an IP Alias type. you will put that address in the External Subnet IP field.

    Then your firewall rules will need to pass traffic to the inside address (192.168.1.101).



  • @Derelict Thank you

    So now if we go to the 51.75.xx.145 address we got de pfsense login page and if we go to the 51.75..xx.144 address we got the same this should be correct right?

    the firewall rules
    0_1543692417284_Knipsel.PNG

    is this correct?


  • Netgate

    No idea you are obfuscating too much to see what you're actually doing.