How to assign public IPs directly to server? or do multiple NATs?



  • Hi Everyone,

    I want to be able to run two HTTP servers (both on port 80) using NAT/Firewall rules. I have lots of IPs as my disposal but not sure how the VIPs work. I have the pfsense book but it doesn't go into detail for VIPs at all.

    I have been told I have this range: Subnet: 30.30.78.32/27

    Currently My WAN setup is:
    WAN Setup: 30.30.78.34/27
    Gateway: 30.30.78.33
    Mask shown in Interface Status: 255.255.255.224

    From this I am deducting that I have Usable IP range of : 30.30.78.35 - 30.30.78.63

    My LAN is setup in this range: 192.168.0.0/24

    1- So, I want to be able to forward all traffic for 30.30.78.36 to 192.168.0.36 and all traffic for 30.30.78.37 to 192.168.0.37
    2- At a later date, I might want to assign one of the above public IPs directly onto the interface of one of my other servers. Would that be possible too?

    ***I want to know if my approach explained in #1 is right for running two HTTP servers. And also how should I setup the VIPs for this?  I tried setting NAT using the interface VIP (I created single IP Proxy ARP in VIPs) and auto created firewall and forwarded to pfSense HTTPs port but it didn't work.

    Can someone please shed some light.

    Much appreciated.


  • Rebel Alliance Developer Netgate

    What kind of detail do you want? There is just shy of a full page in the book that covers the VIP types and how they work. It's section 6.8, page 119 in the print edition.

    There is a little more info in the doc wiki as well.

    Given what you've shown there, either Proxy ARP or CARP type VIPs should work for you. You can forward the ports like you describe in #1 just fine.

    You can't do scenario #2 unless you bridge an interface to WAN. Doable, but bridging can get ugly.


Locked