  • Good Afternoon,

    I've done a bit of searching but I haven't found anything.

    I have a single WAN connection but a routed /29 IP range.

    I have pfSense installed on a VMware ESX machine with 2 NICs.

    What I want is to assign the public IPs to specific hosts on the ESX server (using vSwitches) but also to have pfSense handle the NAT routing for my LAN. Is this possible?

    For example:

    XX.XX.XX.XX > Server A
    XX.XX.XX.XX > Server B
    XX.XX.XX.XX > LAN (Natted)


  • I'm implementing a very similar scenario. Wondering how we can set this up.

  • Hi,

    You can do this by creating a bridge between WAN and OPT1, for example, where WAN would have the xx.xx.xx.xx NATted IP. Your servers would be on the OPT1 side (the OPT1 interface itself doesn't have an IP this way), configured with a different IP within the same subnet, and will also use the same default gateway as pfSense, but pfSense will still be in between them. NAT for other clients will still work via the regular LAN interface. So you will need three interfaces in pfSense to make this work.

  • I have a similar setup.

    WAN -- x.x.224.55 (PPPoE)
    LAN -- 192.168.x.x
    OPT1 -- x.x.225.178/30

    The client connected to OPT1 is x.x.225.177/30.

    Automatic NAT is turned off in pfSense and I have created an outbound NAT rule on WAN for 192.168.x.x, so the host on OPT1 is routed without NAT.

    That takes care of the routing. Now for the VLANs. I'm a little less familiar with vSwitches, but on the pfSense side I would use one NIC for the LAN and create 2 VLANs on the other NIC for WAN and OPT1. You'll have to do something in ESX to trunk the 2 VLANs to the one NIC.

