Configure virtual IP Pfsense at OVH
-
Dear members,
Recently we got an ovh dedicated server where we have installed pfsense. The server runs on ESXI vmware. The intention is that the pfsense vm gets a WAN interface with a public IP, this works we have tested this. In addition, we have a LAN interface that distributes private ipadresses.
What we want to do is that we assign a public IP to a vm host with a web server, so that when we approach the pubic IP via the web browser we get to the vm with the webserver, after research we find out that we have to configure a virtual IP in pfsense
Our question is therefore how to assign the virtual ip, since at ovh an IP address is linked to a MAC address. In the web portal of ovh you must assign an IP to a MAC address and then the MAC address in ESXI at network settings of the VM
IP information:
- WAN interface = 52.72.XX.XX.
- LAN interface = 192.168.1.0/24
- Virtual IP interface = 51.71.XX.XX. to the web server vm
hopefully you can help us
Sincerely,
Jeffrey -
OVH sucks for that. Ask them for a subnet routed to a small interface address and you can do whatever you like.
That, or 1:1 NAT to private IP addresses on the inside.
I, personally, would never host at OVH. Their service is apparently designed to place something like cpanel/plesk server right on their interface, not behind a router.
-
@Derelict Thank you for your answer!
Can you help us to configure 1:1 NAT to private IP ?
we have set the settings like image above are these settings correct?
and have we to configure virtual ip? -
Yes, with OVH (or any provider that puts the address on the interface instead of routing them to you as they should) you need to configure a virtual IP address that will respond to ARP.
I would suggest an IP Alias type. you will put that address in the External Subnet IP field.
Then your firewall rules will need to pass traffic to the inside address (192.168.1.101).
-
@Derelict Thank you
So now if we go to the 51.75.xx.145 address we got de pfsense login page and if we go to the 51.75..xx.144 address we got the same this should be correct right?
the firewall rules
is this correct?
-
No idea you are obfuscating too much to see what you're actually doing.
