Netgate Discussion Forum

    WAN DHCP and 1:1 NAT?

      Labil

      I've been looking into setting up an old computer as a pfSense router/firewall for my home network, and while reading up on it some questions were raised. Now please bear with me; I do not know much about networking (other than basic Please Do Not Throw Sausage Pizza Away).

      I've read some interesting things about 1:1 NAT, VIPs and CARP, but haven't completely understood how this is used. As I understand it, I can assign VIPs to various internal IPs on my network - so that, for example, my file server at 192.168.0.2 could be reached from a public IP that is separate from my "regular" WAN IP. However, what do I need to use this feature? Do I need several static IPs that my ISP has assigned to me? The way it works with my ISP is that I have 5 public IPs available, but they're all assigned via DHCP. As such, I have no actual static IPs (as far as I know), but if I for example set up a "WAN -> switch -> 5 computers" style network, the computers will each get a unique public IP.

      Now, to my actual question: can I use these DHCP-allocated public IPs for 1:1 NAT? I apologize if my question is fuzzy, and if more information or clarification is needed, then I will try to provide it.

        GruensFroeschli

        Unfortunately, it's currently not possible to get multiple dynamic public IPs via DHCP.
        With 2.0 where CARPdev is used it "should" work.

        A possible (ugly) workaround:
        Plug as many NICs as you have additional IPs into your pfSense and set them as DHCP.
        Like this your additional NICs will request an IP from your ISP.

        Another (similarly ugly) workaround would be to connect a VLAN-capable switch to your pfSense and assign as many VLAN interfaces as you have additional IPs.
        You would need to assign a PVID on the switch for each "virtual" interface and then connect them to another switch which then goes to your modem/router/whatever_connects_you_to_your_ISP (you need a separate cable for each virtual interface from the VLAN switch to the normal switch).

        This would look like this:

                       pfSense
                          |
                          |
                     VLAN-switch
                    | | | | | | |
                    normal switch
                          |
                          |
                        modem
        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
