routing multiple public ips behind the firewall to servers
-
@pandacraft
1:1 NAT is even network address translation, which means you have your public IP assigned to the router (or at least routed to it by your ISP) and your internal servers are within another network segment.
That is the recommended way though, but the server will not have a public IP assigned, it is forwarded to them. That's why I asked what you really want.
-
Rn we have no router just straight to the outside world with our servers so ye but we want pfsense for the vlans and dhcp and some monitoring and be able to block ips when they use too much internet etc
-
@pandacraft
pfSense is a router. If you want to have your servers in separated VLANs you have to separate them from the internet anyway. So go with NAT.
NAT 1:1 translates a public IP or a network range to an internal IP or network range and also the other way round.
When you do simply port forwarding it translates only one way (mostly public to private). For the other way the outbound NAT is responsible. By default pfSense translates any upstream traffic to the WAN interface address, but you may also add your own rules for other behavior.
-
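The difference between 1:1 NAT and a plain port forward described in the post above, as an added example that is not part of the thread and not pfSense code. All addresses are constructed documentation ranges, the function names are hypothetical, and the model assumes a 1:1 mapping replaces the default WAN translation for outbound traffic from mapped hosts.

```python
import ipaddress

# Constructed sample addressing (documentation ranges), not from the thread.
WAN_ADDR = ipaddress.ip_address("198.51.100.2")       # firewall's own WAN IP
PUBLIC_NET = ipaddress.ip_network("203.0.113.8/29")   # extra public range
INTERNAL_NET = ipaddress.ip_network("10.0.20.8/29")   # server segment

# A single port forward: (public IP, port) -> (internal IP, port).
PORT_FORWARDS = {("203.0.113.10", 443): ("10.0.20.10", 443)}


def _shift(addr, src_net, dst_net):
    """Swap src_net for dst_net while keeping the host offset of addr."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 NAT needs ranges of equal size")
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        return None  # address is outside the mapped range
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset


def one_to_one_inbound(dst):
    """Public destination -> internal host, for every port and protocol."""
    return _shift(dst, PUBLIC_NET, INTERNAL_NET)


def port_forward_inbound(dst, port):
    """Only the listed (IP, port) pairs are translated; the rest is None."""
    return PORT_FORWARDS.get((str(dst), port))


def egress_source(src, one_to_one):
    """Source address the outside world sees for traffic leaving via WAN."""
    if one_to_one:
        mapped = _shift(src, INTERNAL_NET, PUBLIC_NET)
        if mapped is not None:
            return mapped      # server keeps "its" public IP on the way out
    return WAN_ADDR            # default outbound NAT: WAN interface address


if __name__ == "__main__":
    print("1:1 in      :", one_to_one_inbound("203.0.113.10"))
    print("forward 443 :", port_forward_inbound("203.0.113.10", 443))
    print("forward 22  :", port_forward_inbound("203.0.113.10", 22))
    print("egress 1:1  :", egress_source("10.0.20.10", one_to_one=True))
    print("egress pf   :", egress_source("10.0.20.10", one_to_one=False))
```

With only the port forward in place, the server at 10.0.20.10 is reachable on 203.0.113.10:443 but its own outbound connections leave from the WAN address, which matters for anything that checks the source IP.
-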
I need the public ips working inside the network
Otherwise my clients would be confused with ips etc and how do big hostings and isp that then they can route public ips etc
-
--> https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html
-
i need the traffic of the public ips on the same physical port and it needs to work with multiple vlans
-
@pandacraft said in routing multiple public ips behind the firewall to servers:
i need the traffic of the public ips on the same physical port
On pfSense? Still not clear, what you want to achieve exactly.
However, all provided solutions don't interfere with VLANs. But don't know, what you want to aim with the VLANs in this context. Maybe a drawing of your aspired network setup can clarify it.
Is the extra public IP routed to the primary by your ISP?
-
yes the public ips are routed by our isp i can directly set the ip in linux as static and i have internet. we are in the datacenter
-
@pandacraft
So you can implement the solution in the link above provided by @ptt. Only drawback is that you need to use one IP out of the extra range as gateway.
-
@viragomann how would i do that over the same port as the dhcp etc etc