(More) dumb network questions
-
While I wait ever so impatiently for PTR records to update, I began to think about how to set up a single pfSense instance to handle multiple static IP addresses.
I have 5 public static IP addresses available.
I set up domain1.com with one of the 5 IP addresses - using nnn.nnn.nnn.005 in this instance.
A record with no hostname - nslookup finds the static IP with only the domain1.com supplied.
A record with "www" for the hostname - traffic directed to www.domain1.com hits the firewall and I have a port forward set up to send 80 and 443 to 192.168.100.2
I want to set up another server in this domain but use the static IP of nnn.nnn.nnn.004
I think where my confusion may be is how to set up the port forward to forward traffic meant for an IP address not on the WAN interface.
I'm sure there is a simple way to do this that I'm overlooking.
-
You can just add that IP as an IPAlias VIP on the WAN.
Or if those IPs are routed to you, you can just forward it without doing anything else.
https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html
-
@MakOwner
I concur with @stephenw10's recommendation to set up an IP-alias VIP (under Firewall/Virtual IPs) for each additional public IP address. I got my multi-address configuration set up in an hour or two using that approach, despite being a complete newbie with pfSense. Once the VIPs are in place you can either use 1:1 NAT to map one of those addresses to an internal server, or use individual port forward rules. If you do 1:1 NAT you'll still want firewall rules to block all server ports you don't want exposed, so it ends up about the same number of firewall rules either way --- which way you do it depends on how you'd rather think about the setup.
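
An added example, not part of the thread and not pfSense's own code: a small Python audit of the 1:1 NAT versus port forward choice discussed in the last reply, listing which public ports end up reachable and which of those were not intended. It assumes a simplified, constructed model (the data layout, function names, the 203.0.113.x addresses standing in for the nnn.nnn.nnn.004/.005 addresses, and the second server 192.168.100.3 are all hypothetical) and relies on pfSense applying inbound NAT before WAN firewall rules, so pass rules match the internal address.

```python
# Constructed sample data: addresses are from documentation/private ranges,
# and this layout is a simplified model, not pfSense's config.xml format.
ONE_TO_ONE = {"203.0.113.4": "192.168.100.3"}          # public VIP -> internal host
PORT_FORWARDS = [("203.0.113.5", 80, "192.168.100.2", 80),
                 ("203.0.113.5", 443, "192.168.100.2", 443)]
# WAN pass rules as (internal destination, low port, high port).
WAN_PASS = [("192.168.100.2", 80, 80), ("192.168.100.2", 443, 443),
            ("192.168.100.3", 1, 65535)]               # overly broad rule
INTENDED = {("203.0.113.5", 80), ("203.0.113.5", 443),
            ("203.0.113.4", 80), ("203.0.113.4", 443)}
WATCHED_PORTS = [22, 80, 443, 3306, 3389]              # ports worth checking


def passed(internal_ip, port, rules):
    """True if any WAN pass rule allows this internal address and port."""
    return any(ip == internal_ip and lo <= port <= hi for ip, lo, hi in rules)


def exposed(one_to_one, forwards, rules, ports):
    """Return the set of (public IP, port) pairs reachable from the WAN."""
    reachable = set()
    # Port forwards translate one port each; the rule must pass the target port.
    for pub_ip, pub_port, int_ip, int_port in forwards:
        if passed(int_ip, int_port, rules):
            reachable.add((pub_ip, pub_port))
    # 1:1 NAT translates every port, so only the rules limit exposure.
    for pub_ip, int_ip in one_to_one.items():
        reachable.update((pub_ip, p) for p in ports if passed(int_ip, p, rules))
    return reachable


def unintended(one_to_one, forwards, rules, ports, intended):
    """Exposed pairs that are not on the intended list, sorted for reporting."""
    return sorted(exposed(one_to_one, forwards, rules, ports) - intended)


if __name__ == "__main__":
    for ip, port in unintended(ONE_TO_ONE, PORT_FORWARDS, WAN_PASS,
                               WATCHED_PORTS, INTENDED):
        print(f"unintended exposure: {ip}:{port}")
```

Replacing the broad rule for 192.168.100.3 with per-port pass rules for 80 and 443 makes the report come back empty.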