Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    routing multiple public ips behind the firewall to servers

    Scheduled Pinned Locked Moved Routing and Multi WAN
    16 Posts 4 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pandacraft
      last edited by

      how can i route my extra public ip adresses i have from my isp?
      i tried many tutorials but none seem to work i need the public ip to be routed inside the network so behind the firewall so i can assing it to my servers and vms.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @pandacraft
        last edited by

        @pandacraft
        You want to have the public IP behind pfSense or forward them to your internal devices by doing NAT?

        1 Reply Last reply Reply Quote 0
        • P
          pandacraft
          last edited by

          i want to be able like right now to set the public ips directly in the server as static ips

          mudmanc4M 1 Reply Last reply Reply Quote 0
          • mudmanc4M
            mudmanc4 @pandacraft
            last edited by

            @pandacraft said in routing multiple public ips behind the firewall to servers:

            i want to be able like right now to set the public ips directly in the server as static ips

            Keeping this simple you could 1:1 NAT

            1 Reply Last reply Reply Quote 0
            • P
              pandacraft
              last edited by

              and how would i do that? since i tried it and it didnt work but maybe i did it wrong

              mudmanc4M V 2 Replies Last reply Reply Quote 0
              • mudmanc4M
                mudmanc4 @pandacraft
                last edited by mudmanc4

                @pandacraft said in routing multiple public ips behind the firewall to servers:

                and how would i do that? since i tried it and it didnt work but maybe i did it wrong

                Check out Netgates explanation:;
                https://docs.netgate.com/pfsense/en/latest/nat/1-1.html

                1 Reply Last reply Reply Quote 0
                • V
                  viragomann @pandacraft
                  last edited by

                  @pandacraft
                  1:1 NAT is even network address translation, which means you have your public IP assigned to the router (or at least routed to it by your ISP) and your internal servers are within another network segment.
                  That is the recommended way though, but the server will not have a public IP assinged, it is forwarded to them. That's why I asked hat you really want.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pandacraft
                    last edited by

                    Rn we have no router just straight to the outside world with our servers so ye but we want pfsense for the vlans and dhcp and some mo itoring and be able to block ips when they use too much internet etc

                    V 1 Reply Last reply Reply Quote 0
                    • V
                      viragomann @pandacraft
                      last edited by

                      @pandacraft
                      pfSense is a router. If you want to have your servers in separated VLANs you to separate them from the internet anyway. So go with NAT.

                      NAT 1:1 translates a public IP or a network range to an internal IP or network range and also the other way round.
                      When you do simply port forwarding it translates only one way (mostly public to private). For the other way the outbound NAT is responsible. By default pfSense translates any upstream traffic to the WAN interface address, but you may also add your own rules for other behavior.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pandacraft
                        last edited by

                        I need the public ips working inside the network
                        Otherwise my clients would be confused with ips etc and how do big hostings and isp that then they can route public ips etc

                        pttP 1 Reply Last reply Reply Quote 0
                        • pttP
                          ptt Rebel Alliance @pandacraft
                          last edited by

                          --> https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

                          1 Reply Last reply Reply Quote 0
                          • P
                            pandacraft
                            last edited by

                            i need the traffic of the public ips on he same phisical port and it needs to work with multiple vlans

                            V 1 Reply Last reply Reply Quote 0
                            • V
                              viragomann @pandacraft
                              last edited by

                              @pandacraft said in routing multiple public ips behind the firewall to servers:

                              i need the traffic of the public ips on he same phisical port

                              On pfSense? Still not clear, what you want to achieve exactly.
                              However, all provided solution don't interfere with VLANs. But don't know, what you want to aim with the VLANs in this context. Maybe a drawing of your aspired network setup can clarify it.

                              Is the extra public IP routed to the primary by your ISP?

                              1 Reply Last reply Reply Quote 0
                              • P
                                pandacraft
                                last edited by

                                yes the public ips are routed by our isp i can directly set the ip in linux as static and i have internet. we are in the datacenter

                                V 1 Reply Last reply Reply Quote 0
                                • V
                                  viragomann @pandacraft
                                  last edited by

                                  @pandacraft
                                  So you can implement the solution in the link above provide by @ptt. Only drawback is that you need to use one IP out of the extra range as gateway.

                                  P 1 Reply Last reply Reply Quote 0
                                  • P
                                    pandacraft @viragomann
                                    last edited by

                                    @viragomann how would i do that over the same port as the dhcp etc etc

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.