4. WAN DHCP and 1:1 NAT?

WAN DHCP and 1:1 NAT?

  • L

    I've been looking into setting up an old computer as a pfSense router/firewall for my home network, and while reading up on it some questions were raised. Now please bear with me; I do not know much about networking (other than basic Please Do Not Throw Sausage Pizza Away).

    I've read some interesting things about 1:1 NAT, VIPs and CARP, but haven't completely understood how this is used. As I understand it, I can assign VIPs to various internal IPs on my network - so that, for example, my file server at 192.168.0.2 could be reached from a public IP that is separate from my "regular" WAN IP. However, what do I need to use this feature? Do I need several static IPs that my ISP has assigned to me? The way it works with my ISP is that I have 5 public IPs available, but they're all assigned via DHCP. As such, I have no actual static IPs (as far as I know), but if I for example set up a "WAN -> switch -> 5 computers" style network, the computers will each get a unique public IP.

    Now, to my actual question: can I use these DHCP-allocated public IPs for 1:1 NAT? I apologize if my question is fuzzy, and if more information or clarification is needed, then I will try to provide it.

    0

  • Unfortunately it's currently not possible to get multiple dynamic public IPs per DHCP.
    With 2.0 where CARPdev is used it "should" work.

    A possible (ugly) workaround:
    Plug as many NICs as you have additional IPs into your pfSense and set them as DHCP.
    Like this your additional NICs will request an IP from your ISP.

    Another (similarly ugly) workaround would be to connect a VLAN capable switch to your pfSense and assign as many VLAN-interfaces as you have additional IPs.
    You would need to assign a PVID on the switch for each "virtual" interface and then connect them to another switch which then goes to your modem/router/whatever_connects_you_to_your_ISP. (you need a separate cable for each virtual interface from the VLAN switch to the normal switch).

    This would look like this:

    pfSense
                        |
                        |
                VLAN-switch
                  | | | | | | |
                normal switch
                        |
                        |
                    modem

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy