Can pfsense handle multiple real world IP addresses?



  • Hi Guys
    I just want to know if pfsense can handle multiple real world IP address? if so how do I setup that up?



  • for that you need to use virtual ips



  • Is it really just that simple?  I have a rather extensive setup using Endian firewall that I tried to migrate to pfSense last night.  I added my public IPs under virtual IPs as p-arp addresses and then used the nat port forwarding to forward connections on those IPs to certain machines.  I was not using 1:1 nat.  All port forwards on the interface address worked from the outside, but the ones on the VIPs did not.  I ended up shutting down the pfsense box and going back to Endian for now.  I thought I missed something somewhere.

    I am running pfsense on vmware 2.0.  I have verified that all three network adapters can communicate.  I have internet access from the lan and the dmz and the port forwards from the dmz to the internal lan work.  The only problem I'm having is getting VIP port forwards to work correctly.

    Not sure what other information to give.  Any help is appreciated.

    -Rich



  • @leoalfa09:

    for that you need to use virtual ips

    What do you mean I need virtual IP's didn't you read what I asked can pfsense handle multiple real world IP addresses?



  • And he answered: Yes, for that you need virtual IPs ;)



  • I am asking why I would need virtual IPs for? would it make sense just to do nat 1:1?



  • When you create a 1:1 NAT rule, you have a dropdown list in which you have to choose which external IP you want to use.
    You cannot 1:1 NAT the primary WAN.
    So you need to add somehow your additional IPs to this dropdown list.
    You do this by creating a virtual IP.



  • Virtual-IPs term can be deceiving. Its not like your virtual IPs. Virtual IPs under pfsense are public/real world IPs that you can bind on your WAN interface ~~.

    Ofcourse if you are using internal virtual IPs then you can bind them as well. But to clear the confusion, think of virtual IPs as real world IPs in your scenario.  :D~~


Locked