Can I use virtual IP as gateway?
-
My ISP provides me with a PPPoE connection with a private IP for internet access. Since I plan to give some kind of access to my internal server, I opted to have a public IP address (which they sell me for an additional price - which is fair). I set this public IP address as a virtual IP (IP alias) on my pfSense, added HAProxy, and my server can be accessed from the outside.
Now, I also need to access an outside service. The only caveat is that I have to have a static public IP (which I already have). How do I set it on my pfSense so the outside service will see my public IP instead of the dynamic IP from my ISP? I tried to set it as the gateway for this outside service, but I don't see it in the gateway list.
Hope this makes sense.
-
@accidentallyadmin
The additional public IP is assigned to your WAN. It cannot be your upstream gateway at the same time.
Your upstream gateway IP is set by your ISP via PPPoE. Don't touch it! What you are looking for can be done in Firewall > NAT > Outbound.
Enable the Hybrid mode and save it.
Then add a rule:
interface: WAN
source: <your local networks> This can also be an alias if you have multiple to treat all in a single rule.
destination: any
translation: select your public IP
Save.
-
@viragomann Thank you for your answer and suggestion. I did that with some modifications, but somehow it doesn't always work.
In the source column, I put my laptop's IP address.
In the destination column, I put only 1 (one) address (that of the outside service I'm trying to reach).
In the translation address, I put the public IP address.
From the perspective of the outside server, it sometimes sees my public IP address (which is supposed to be 103.158.xx.yy), but sometimes it sees 103.158.xx.1 (which I guess is the IP address of my ISP) instead. Do you have any idea why?
Also, which one is processed first? Outbound NAT or firewall rules?
-
@accidentallyadmin
pfSense can only translate the source address to the stated IP. Maybe your ISP does an additional translation, but this is unusual if you have a public IP already. You can verify the function of your outbound NAT rule by sniffing the traffic on WAN (Diagnostics > Packet Capture).
The outbound NAT rule is the last in the pipe, before packets leave the firewall.
See Firewall/NAT Processing Order Example for details.
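To make the verification step above concrete, here is an added example (not from the thread, and not pfSense's own code) that checks a tcpdump-style capture, as exported from Diagnostics > Packet Capture on the WAN interface, against the outbound NAT rule described in the earlier answer (source host, single destination, translation to the VIP). All addresses are constructed documentation-range values: LAN host 192.168.1.50, destination 198.51.100.20, VIP 203.0.113.10, and a PPPoE WAN address of 100.64.0.5 standing in for the ISP-assigned dynamic address. Because the WAN capture shows packets after pfSense's outbound NAT has run, a packet that leaves with the VIP as source but is still seen by the remote host with another address was rewritten upstream, not by pfSense.

```python
"""Classify outbound packets on WAN against an expected pfSense outbound NAT rule.

Added example, not from the original forum thread. All addresses are constructed
(RFC 5737 / RFC 6598 ranges); replace them with your own rule's values.
"""
import ipaddress
import re
from collections import Counter

# Expected outbound NAT rule, as entered in Firewall > NAT > Outbound (constructed values).
RULE = {
    "source": ipaddress.ip_network("192.168.1.50/32"),        # laptop on LAN
    "destination": ipaddress.ip_network("198.51.100.20/32"),  # the outside service
    "translation": ipaddress.ip_address("203.0.113.10"),      # the virtual IP (IP alias)
}
# Dynamic address the PPPoE WAN interface currently holds (constructed).
WAN_ADDR = ipaddress.ip_address("100.64.0.5")

# Matches the "IP <src>.<sport> > <dst>.<dport>:" part of a tcpdump line.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed sample capture in tcpdump text format. Line 1 is the rule working,
# line 2 is the reply, line 3 left with the WAN address (automatic rule matched
# instead), line 4 goes elsewhere, line 5 left untranslated.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.10.51234 > 198.51.100.20.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 198.51.100.20.443 > 203.0.113.10.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:05.000001 IP 100.64.0.5.51235 > 198.51.100.20.443: Flags [S], seq 3, win 64240, length 0
12:00:09.000001 IP 203.0.113.10.51236 > 192.0.2.7.80: Flags [S], seq 4, win 64240, length 0
12:00:12.000001 IP 192.168.1.50.51237 > 198.51.100.20.443: Flags [S], seq 5, win 64240, length 0
"""


def parse_packets(capture_text):
    """Yield (src, dst) address pairs from tcpdump-style lines; non-IP lines are skipped."""
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])


def classify_source(src, rule, wan_addr):
    """Label the source address an outbound packet carried when it left the WAN."""
    if src == rule["translation"]:
        return "vip"            # rule matched: the outside service sees the VIP
    if src == wan_addr:
        return "wan"            # a different (e.g. automatic) outbound rule matched
    if src in rule["source"]:
        return "untranslated"   # no outbound NAT applied at all
    return "other"


def check_capture(capture_text, rule, wan_addr):
    """Count packets to the rule's destination by the source they left with.

    Replies from the outside host and traffic to other destinations are ignored.
    """
    counts = Counter()
    for src, dst in parse_packets(capture_text):
        if dst in rule["destination"]:
            counts[classify_source(src, rule, wan_addr)] += 1
    return dict(counts)


def nat_rule_effective(counts):
    """True only if every outbound packet to the destination carried the VIP."""
    if counts.get("vip", 0) == 0:
        return False
    return all(counts.get(k, 0) == 0 for k in ("wan", "untranslated", "other"))


if __name__ == "__main__":
    result = check_capture(SAMPLE_CAPTURE, RULE, WAN_ADDR)
    print(result)
    print("outbound NAT rule effective:", nat_rule_effective(result))
```

Run it against a real capture by replacing SAMPLE_CAPTURE with the text of a WAN capture filtered on the destination host. If every packet is classified "vip" yet the remote service still reports a different address, the rewrite is happening on the ISP side, which is the case the answer above calls unusual for a sold public IP.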