pfSense, static IPs, LAN & OPT1 interfaces, and wireless network



  • We have a pfSense server with three gigabit ethernet ports: one for WAN, LAN, and OPT1.

    We have two servers on LAN that need a static IP address. Both of these servers have two ethernet ports (eth1 is connected to the LAN network, and eth0 is unused).

    We have a wireless router we would like to use as a separate network for recreational browsing. The rest of the LAN network would receive internet connectivity through the pfSense server (which in turn receives it via WAN via cable modem). I would prefer to use only one static IP address for this, but I am not sure right now until suggestions and advice flow in.

    How do you suggest that I structure this so that from the pfSense server, two servers on the LAN interface would have a static internet IP, and that the pfSense server itself would have a third static IP for both work+recreational surfing?

    (Yes, I am a newb. sigh :( )

    EDIT: I think what I may do with the wireless router is plug it into the "rest of the network" via the HP managed switch (that the rest of the network is hooked to). That could leave the OPT1 open for other purposes.

    EDIT2: I also took a look around the Virtual IPs and Firewall->NAT pages and don't quite understand how this works…



  • Virtual IPs are exactly what you want to use. Consider implementing 1:1 NAT for your servers, which means the virtual IP addresses will live on the WAN interface of your pfSense box and each unique IP will be NAT'd to the specific server you want to give access to. Depending on the security stance of your network, it would be a good idea to consider putting your Internet-facing devices in your OPT1 network and implementing firewall rules to limit their access into your LAN.
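
The layout suggested in the answer above, as an added example that is not part of the original thread and is not pfSense's own code: a small Python model of two virtual IPs 1:1 NAT'd to servers on OPT1, with the LAN sharing the firewall's own WAN address. All addresses, ports and rules are constructed; the model assumes pfSense's documented ordering, in which inbound NAT is applied before the WAN filter rules, so those rules match the server's internal address.

```python
import ipaddress as ip
# Constructed plan; 203.0.113.0/29 (RFC 5737) stands in for the ISP's static block.
WAN_NET, WAN_ADDR = ip.ip_network("203.0.113.0/29"), ip.ip_address("203.0.113.2")
LAN_NET = ip.ip_network("192.168.1.0/24")
DMZ_NET = ip.ip_network("192.168.2.0/24")          # OPT1
ANY = ip.ip_network("0.0.0.0/0")
ONE_TO_ONE = {                                      # virtual IP on WAN -> server on OPT1
    ip.ip_address("203.0.113.3"): ip.ip_address("192.168.2.10"),
    ip.ip_address("203.0.113.4"): ip.ip_address("192.168.2.11"),
}
# (interface, source, destination, port or None for any, action); first match wins.
RULES = [
    ("wan", ANY, ip.ip_network("192.168.2.10/32"), 443, "pass"),
    ("opt1", DMZ_NET, LAN_NET, None, "block"),      # servers may not reach the LAN
    ("opt1", DMZ_NET, ANY, None, "pass"),
    ("lan", LAN_NET, ANY, None, "pass"),
]

def check_plan():
    """Return the problems found in the addressing plan (empty list if sound)."""
    problems = []
    for vip, server in ONE_TO_ONE.items():
        if vip not in WAN_NET or vip == WAN_ADDR:
            problems.append(f"{vip} must be a spare address in the WAN subnet")
        if server not in DMZ_NET:
            problems.append(f"{server} is not on OPT1")
    return problems

def filter_action(iface, src, dst, port):
    for r_if, r_src, r_dst, r_port, action in RULES:
        if r_if == iface and src in r_src and dst in r_dst and r_port in (None, port):
            return action
    return "block"                                  # default deny

def inbound(src, dst, port):
    """WAN packet: destination is translated first, then filtered on the internal address."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    internal = ONE_TO_ONE.get(dst, dst)
    return filter_action("wan", src, internal, port), str(internal)

def outbound(iface, src, dst, port):
    """LAN/OPT1 packet: filtered where it enters, then given its public source address."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if filter_action(iface, src, dst, port) == "block":
        return "block", str(src)
    if dst in LAN_NET or dst in DMZ_NET:
        return "pass", str(src)                     # routed internally, no NAT
    public = {srv: vip for vip, srv in ONE_TO_ONE.items()}.get(src, WAN_ADDR)
    return "pass", str(public)
```

Each server leaves with its own virtual IP, LAN clients leave with the firewall's WAN address, and a server on OPT1 cannot open connections into the LAN.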

