How to create NAT for block of IP's?
Hey all, i have read through the posts but as i am not sure what i need i think its best i create a new one.
Basically this is my issue: I have a link from our wholesaler my WAN ip is: 184.108.40.206 (and .9 is their end)
This is a new fiber link. We used to have a different link with them, which we had a block of IP's: 220.127.116.11 / 28
They tell me i still have these IP addresses that i can use, which i am needing as a few of my WiSP clients are needing a static IP.
As far as i knew from past experience, i would need to login to some user admin portal that we should get from the link supplier, and there i forward all those IP's to : 18.104.22.168 and then i guess use port forwards on the pfSense box. But.. when i phoned these guys to do that, they said no you just have to create a NAT on your server to use those IP's.. so now i have no idea how i do that.. can anyone here help? I have looked at the NAT setup but its confusing.
I just need it so that block of IP's are directed to my pfsense so i can use a few for my servers.. (mail, www, freeradius) and some clients that need static ip.
How about using virtual ip and manual outbound nat rules or if you have another gateway, so you could use firewall rules to use that link
To do this, doesnt someone have to forward my block of IP's to my current WAN IP address?
your isp will do it, but you'll have to setup the pfsense to understand those ip's
Ok got it.. i'll have to try and work that one out next..
So.. i tried and failed.. can you tell me how to do this:
my current WAN ip is: 22.214.171.124
I have a block of IP's: 126.96.36.199 / 28
I have created a virtual ip entry for that block of IP's..
How do i now for example allocate a specific ip from the block, 188.8.131.52 for example, to be the public ip of my server which is on OPT1 interface with IP address: 192.168.5.20
I just need to allocate some of those IP's from the block to a couple of my servers, and then to some clients.
Why don't you just virtual ip's for all of those ip's you got from isp.
and firewall rules / manual outbound nat should be used for those. remember top-to-down when using manual outbound nat
I would love to try this but i am really not understanding how to do it.
If possible can someone give me good instructions how to do this?
do i add a virtual ip input for each public IP or do i add one virtual ip entry for the block of IP's?
Then the next step is where i have no idea.. allocating one of those to a client who's ip is 192.168.5.50 for example.. connected on the LAN interface..
There is lot of discussion on this. you could also look at wiki
Thanks, ill take a look at the wiki. Problem i have is that those wikis and documents assume that i have a clue what all this means, and i just havent got a clue.. trying to understand it.
But if you always get already chewed up answer, how you would learn?
Im looking at all the info i can find on the wiki and forum. Thanks for your replies.
podilarius last edited by
Hello, What type of Virtual IPs are you using? For this setup, the only thing I tried and had work was the ProxyARP type VIP. Your ISP will route those IPs to your pfSense box, which you will need to provide them. That is if I remember correctly. I had the same setup for a short time, but since we could not use CARP, we had to have them do a "normal" setup just in our IP range. From there, NAT is the same as it was on the other link. If you used something else, there are all sorts of wikis and docs on standard NAT (port forward or 1:1) out there. The book also covers this well.
The more and more i read i understand this even less.. I just know that the IPs are apparently already forwarded to my WAN ip.. SO what do i do.. do i create a VIP entry for each od the IPs in the block i have or do i create a 1 VIP entry for the whole block?
Then to use those IP's. on a server in my LAN for example, to get it a Public IP.. do i have to create a 1:1 NAT? or is this just a porto forward of the VIP entry?
I dont understand NAT at all, would love some simple instructions on this.. surely cant be too difficult, i can setup port forwards on my home router and that works.. I just want to be ale to allocate 1 of the block IP's to a server on my LAN interface (and repeat this a few times for different servers)
create proxy arp or virtual ip for every single ip you have.
1:1 transfer any trafic but only one client/server(unless using server loadbalancing)
with portforward you can decide what trafic you want to server have and can use multiple servers(ex. port 80 -> server1, port 25 -> server2 etc.)