Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to assign public IPs directly to server? or do multiple NATs?

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      torontob
      last edited by

      Hi Everyone,

      I want to be able to run two HTTP servers (both on port 80) using NAT/Firewall rules. I have lots of IPs as my disposal but not sure how the VIPs work. I have the pfsense book but it doesn't go into detail for VIPs at all.

      I have been told I have this range: Subnet: 30.30.78.32/27

      Currently My WAN setup is:
      WAN Setup: 30.30.78.34/27
      Gateway: 30.30.78.33
      Mask shown in Interface Status: 255.255.255.224

      From this I am deducting that I have Usable IP range of : 30.30.78.35 - 30.30.78.63

      My LAN is setup in this range: 192.168.0.0/24

      1- So, I want to be able to forward all traffic for 30.30.78.36 to 192.168.0.36 and all traffic for 30.30.78.37 to 192.168.0.37
      2- At a later date, I might want to assign one of the above public IPs directly onto the interface of one of my other servers. Would that be possible too?

      ***I want to know if my approach explained in #1 is right for running two HTTP servers. And also how should I setup the VIPs for this?  I tried setting NAT using the interface VIP (I created single IP Proxy ARP in VIPs) and auto created firewall and forwarded to pfSense HTTPs port but it didn't work.

      Can someone please shed some light.

      Much appreciated.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        What kind of detail do you want? There is just shy of a full page in the book that covers the VIP types and how they work. It's section 6.8, page 119 in the print edition.

        There is a little more info in the doc wiki as well.

        Given what you've shown there, either Proxy ARP or CARP type VIPs should work for you. You can forward the ports like you describe in #1 just fine.

        You can't do scenario #2 unless you bridge an interface to WAN. Doable, but bridging can get ugly.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.