Multiple Public IP block
-
We have a /29 block assignment from our ISP. Presently we have an aging Cisco ASA. Its second power supply in two years has died, so it's time to replace the device, and I'm looking at Netgate as a possible alternative.
Some of these addresses are transparently passed through to internal devices, so it appears the raw connection is directly connected to the server, which in turn means its communication comes from its own public IP. Some of the other public IPs are NAT'd to internal networks, e.g. staff/accounts/admin/guest etc.
I've not been able to find a conclusive description of how to go about this via pfSense. Any pointers to documentation or other info would be gratefully received.
-
https://docs.netgate.com/pfsense/en/latest/search.html?q=public&check_keywords=yes&area=default
-
https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html
https://www.youtube.com/watch?v=JGZvJOiZ5Tg
-
@ptt thank you for the link, could you offer some explanation please and a little guidance.
In practice and in the real world, how does this work?
-
@kiokoman Thank you for the video link. Very informative. Just what I was looking for.
How do we go about making internal traffic from one of our servers originate from the public IP it is assigned?
e.g.
server 1 - public 1
server 2 - public 2
server 3 - public 3 etc.
I've not understood how to ensure that server 3, when it connects to external services, appears to come from its public 3 IP address. Hope this makes sense.
-
Uhm yes, the video does not show that part. Anyway, it's really easy,
you just need an outbound rule, like this
-
I see, so the source can be the entire net or, I guess, the specific IP of the internal server?
-
Yes, I have only one server inside that network so I didn't care to set a /32, but you can do that.
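
The per-server outbound mapping discussed above, modelled as an added example (not code from the thread or from pfSense). It assumes first-match, top-down rule evaluation as in pfSense outbound NAT; every address is constructed from documentation and RFC 1918 ranges, and `translate` and `shadowed` are hypothetical helper names.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class OutboundRule(NamedTuple):
    source: ipaddress.IPv4Network        # internal source to match (/32 = one host)
    translation: ipaddress.IPv4Address   # public address presented on the WAN


def _rule(src: str, pub: str) -> OutboundRule:
    return OutboundRule(ipaddress.ip_network(src), ipaddress.ip_address(pub))


# Constructed sample rule set: three servers pinned to their own public IP,
# then a catch-all for the rest of the LAN on the firewall's WAN address.
RULES: List[OutboundRule] = [
    _rule("192.168.10.11/32", "203.0.113.3"),  # server 1 -> public 1
    _rule("192.168.10.12/32", "203.0.113.4"),  # server 2 -> public 2
    _rule("192.168.10.13/32", "203.0.113.5"),  # server 3 -> public 3
    _rule("192.168.10.0/24", "203.0.113.2"),   # everyone else -> WAN address
]


def translate(src: str, rules: List[OutboundRule] = RULES) -> Optional[ipaddress.IPv4Address]:
    """Return the public source address an outbound connection would carry.

    Rules are checked top-down and the first match wins. None means no rule
    matched, so the source address is left untranslated.
    """
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr in rule.source:
            return rule.translation
    return None


def shadowed(rules: List[OutboundRule] = RULES) -> List[OutboundRule]:
    """Return rules that can never match because an earlier rule already
    covers their whole source range (e.g. a /24 placed above a /32)."""
    return [
        rule for i, rule in enumerate(rules)
        if any(rule.source.subnet_of(prev.source) for prev in rules[:i])
    ]


if __name__ == "__main__":
    for host in ("192.168.10.13", "192.168.10.50"):
        print(host, "->", translate(host))
    print("shadowed rules:", shadowed())
```

Running `shadowed` over a rule list before applying it catches the ordering mistake where a whole-network rule sits above the host rules and the servers silently leave via the shared address.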