Mapping WAN IP's from a VPS directly to local Host ?
-
Foreword:
I run a pfsense at home, sadly there is no option for a business ISP so no static WAN address. Until now I solved this by renting a VPS with additional WAN IP's and used port forwarding on the VPS to forward everything to my pfsense using openvpn. From there I port forwarded from the openvpn interface to a local host.
However I read that this is basically double NAT and bad practice.
The local host has a LAN IP.
TLDR:
My goal is that the local host directly has a WAN IP assigned. Or that the WAN IP's are directly assigned to the pfsense.
I assume I would need one dedicated WAN IP on the VPS and a second on the pfsense as gateway for routing ?
Is this possible ?
-
@vlan1 said in Mapping WAN IP's from a VPS directly to local Host ?:
Until now I solved this by renting a VPS with additional WAN IP's and used port forwarding on the VPS to forward everything to my pfsense using openvpn. From there I port forwarded from the openvpn interface to a local host.
However I read that this is basically double NAT and bad practice.
You read that? The point is if there are any drawbacks for providing your services when the server is behind double NAT. Most services work well with it. So if you can't see any issues, why do you want to change the setup?
And if so, using a DynDNS host name is not an option for you?
Otherwise, since both your home router and the VPS have a (virtual) interface within the same (virtual) network segment, you can use it as a transit network and route the packets directly from the VPS to the local server. So there is no need for double natting the traffic. You only have to add some routes.
However, if you run the actual 2.5.1 at home this will only work if you set the remote VPS as default gateway. It's due to a bug that will be fixed in 2.5.2.
-
You read that? The point is if there are any drawbacks for providing your services when the server is behind double NAT. Most services work well with it. So if you can't see any issues, why do you want to change the setup?
It works, but it is also rather confusing how it is now; in pfsense I deal with internal addresses and always need to look up how it's routed in my notes.
And if so, using a DynDNS host name is not an option for you?
I had DynDNS before but wanted to host mail at home.
My ISP IP is blacklisted and can't be removed.
Otherwise, since both your home router and the VPS have a (virtual) interface within the same (virtual) network segment, you can use it as a transit network and route the packets directly from the VPS to the local server. So there is no need for double natting the traffic. You only have to add some routes.
I think I get this, I will give it a try.
The question for me is, how do I assign the pfsense my WAN IP's ?
Do I declare them as VIP Type "other" ?
-
@vlan1 said in Mapping WAN IP's from a VPS directly to local Host ?:
The question for me is, how do I assign the pfsense my WAN IP's ?
The WAN IPs have to stay on the VPS, where you run an OpenVPN server. Your pfSense connects to this server and sets it as default gateway.
So any outgoing upstream packet from your home is directed over the VPN and goes out to the internet with the static public IP of the VPS.
The other way around you can use the public IP for your services like you do already, but incoming traffic on the VPS is forwarded directly to your server at home.
So you only have to NAT the traffic once in each direction, as if you had the VPS public IP at home.
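
The routed setup described in the replies above, sketched for the VPS side as an added example that is not part of the original thread: it prints the iptables rules for one public IP, forwarding only the listed TCP ports to the home server without source NAT and sending the server's outbound traffic out with the same public IP. The addresses (203.0.113.10, 192.168.1.10), interface names (eth0, tun0), port list and the function name vps_rules are assumptions.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the thread):
#   203.0.113.10 = additional public IP on the VPS, 192.168.1.10 = home server,
#   eth0 = VPS public interface, tun0 = OpenVPN transit interface.
# The OpenVPN server must also route the home LAN into the tunnel:
#   "route 192.168.1.0 255.255.255.0" in the server config and
#   "iroute 192.168.1.0 255.255.255.0" in the pfSense client's ccd file.
# The ACCEPT rules only restrict anything if the FORWARD policy is DROP.

# Print (dry run) the VPS rules for one public IP -> home host mapping.
# usage: vps_rules PUBLIC_IP HOME_IP "PORT PORT ..." [WAN_IF] [TUN_IF]
vps_rules() {
    pub=$1; host=$2; ports=$3; wan=${4:-eth0}; tun=${5:-tun0}
    if [ -z "$pub" ] || [ -z "$host" ] || [ -z "$ports" ]; then
        echo "usage: vps_rules PUBLIC_IP HOME_IP \"PORTS\"" >&2; return 2
    fi
    # Validate every port before emitting anything.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 2
        fi
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        # Inbound: rewrite only the destination, the client source IP is kept.
        echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $p -j DNAT --to-destination $host"
        echo "iptables -A FORWARD -i $wan -o $tun -d $host -p tcp --dport $p -j ACCEPT"
    done
    # Outbound: new connections from the home server leave with the same public IP.
    echo "iptables -A FORWARD -i $tun -o $wan -s $host -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $wan -s $host -j SNAT --to-source $pub"
}

# Mail ports chosen as an example; review the output before applying it as root.
vps_rules 203.0.113.10 192.168.1.10 "25 465 587 993"
```

Because the client source address is preserved, the home server's replies have to return through the tunnel, which is why the pfSense side uses the VPS as its gateway.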