Netgate Discussion Forum

    Port Forwarding with Virtual IPs and multiple external static IPs

    24 Posts 6 Posters 29.0k Views
    • Jakobud

      @rpsmith:

      Your Comcast router will hand out a 10.1.10.x address if you connect a DHCP client to it, but it can also handle static IPs at the same time.

      However, for your setup you should really set your firewalls' WAN to use your static public IPs and let the firewalls do your NATing.

      Roy…

      1. DHCP is disabled on the modem.

      2. How do I set my firewall WAN to use multiple public static IPs without using Virtual IPs?

      • Jakobud

        @overand:

        I don't see why you are using a 'virtual IP' at all in this configuration - I'd skip that, based on what I'm reading of your current requirements.

        Again, I'm planning on removing the existing firewall and using only pfSense.  Ultimately 5 static IPs are going to be directed to the pfSense box.  Are Virtual IPs required for that kind of setup in order for pfSense to distinguish between the traffic so it can properly route/NAT traffic to the proper internal servers?

        @overand:

        Based on what I'm seeing, trying to put that x.x.63.x public IP in Proxy ARP / Virtual IP is not going to work - as the "pfSense WAN" isn't actually in that range…

        According to the wiki:

        Proxy ARP
        -Can not be used by the firewall itself but can be forwarded
        -Generates Layer2 traffic for the VIP
        -The VIP can be in a different subnet than the real interface's IP
        -Will not respond to ICMP ping.

        Am I reading this wrong?  Is there a different VIP type I should be using?  Sorry, I'm new to the VIP thing.  Is the problem that the Proxy ARP cannot be used by the firewall itself?

        • Jakobud

          Got this solved, thanks to jimp.

          My problem was that I was NATing on my modem like this:

          XXX.XXX.63.140 > 10.1.10.2
          

          instead of

          XXX.XXX.63.140 > my virtual IP
          
          • overand

            Sorry - I misspoke - you may need virtual IPs, if you're doing the equivalent of "1:1 NAT" on your modem/router - and have multiple virtual IPs in that same private address space on your pfSense box WAN.

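The fix reported in this thread (pointing the modem's 1:1 NAT at a pfSense virtual IP instead of the WAN address), as an added example that is not part of the original posts: a Python consistency check over a constructed model of the modem and pfSense NAT tables. It extends the single mapping in the post to three public IPs; the function name, the 203.0.113.x public addresses, the 10.1.10.3-5 VIPs and the 192.168.1.x servers are assumptions for illustration.

```python
import ipaddress

def audit_nat_chain(modem_nat, wan_ip, wan_net, vips, forwards):
    """Check a modem 1:1 NAT table against the pfSense WAN side.

    modem_nat maps public IP -> private target on the modem; forwards maps
    pfSense port-forward destination -> internal server.
    Returns a list of (public_ip, problem) tuples; empty means consistent.
    """
    net = ipaddress.ip_network(wan_net)
    owned = {ipaddress.ip_address(a) for a in [wan_ip, *vips]}
    fwd_dests = {ipaddress.ip_address(d) for d in forwards}
    seen = {}  # private target -> first public IP that mapped to it
    findings = []
    for public, target in modem_nat.items():
        t = ipaddress.ip_address(target)
        if t not in net:
            findings.append((public, f"{t} is outside the WAN subnet {net}"))
        elif t not in owned:
            findings.append((public, f"{t} is neither the WAN IP nor a VIP"))
        elif t in seen:
            findings.append((public, f"{t} already used by {seen[t]}: "
                             "pfSense cannot tell the two public IPs apart"))
        elif t not in fwd_dests:
            findings.append((public, f"no port forward has destination {t}"))
        seen.setdefault(t, public)
    return findings

# Constructed sample data (assumptions; only 10.1.10.2 appears in the thread).
WAN_IP, WAN_NET = "10.1.10.2", "10.1.10.0/24"
VIPS = ["10.1.10.3", "10.1.10.4", "10.1.10.5"]
FORWARDS = {"10.1.10.3": "192.168.1.11", "10.1.10.4": "192.168.1.12",
            "10.1.10.5": "192.168.1.13"}
# "Before": every public IP is NATed to the pfSense WAN address.
BEFORE = {"203.0.113.140": "10.1.10.2", "203.0.113.141": "10.1.10.2",
          "203.0.113.142": "10.1.10.2"}
# "After": each public IP is NATed to its own virtual IP.
AFTER = {"203.0.113.140": "10.1.10.3", "203.0.113.141": "10.1.10.4",
         "203.0.113.142": "10.1.10.5"}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for public, problem in audit_nat_chain(table, WAN_IP, WAN_NET, VIPS, FORWARDS):
            print(f"  {public}: {problem}")
```

An empty result for a table means every public IP reaches pfSense on its own destination address and a port forward exists for it.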
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.