Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Public adress on a client behind pfsense firewall

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gjorret
      last edited by

      Hey guys.

      Im having my pfsense 2.0 firewall with a WAN interface with one public ip.

      I now have a another public ip address that i would like to assign to one client behind the firwall.

      What is the correct way to do this? Do i have to add a new interface for it? The public ip's is not in the same subnet and therefore have different gateways.

      Should i use 1:1 natting?

      I have add'ed the IP as a virtual ip.

      Should i add a new gateway or?

      I thought i was going to set this up without any issues, but im not quite sure what feature to use or how to use it.

      I hope you can help me.. Pleeease!

      Thanks in advance..

      /Gjorret

      EDIT:
      Btw, when trying to add a new gateway via system_gateways_edit.php, on the same WAN interface i just get an error that it cant be added  because it isnt on the same subnet.

      Heeeelp…

      1 Reply Last reply Reply Quote 0
      • G
        Gjorret
        last edited by

        Anyone with at solution?

        I think i might have to give the client a local ip and then do 1:1 natting directly to the client…

        But is it possible to do it via the same wan interface? have 2 public ips in on different gateways? They are both routed to the wan interface.

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by

          If you have to WAN addresses and two connections (two modems), than assign to separate WAN interfaces for every connection (modem).
          after this you can go to NAT and use 1 : 1.
          There you can select the WAN interface you would like to use and of course the client to which this address should be NATed.

          If you only have one modem with more IPs than I think you are right and you need to create a virtual IP (select WAN interface and the IP you would like to use) and than use this Virtual IP for your 1 : 1 NAT rules.

          1 Reply Last reply Reply Quote 0
          • G
            Gjorret
            last edited by

            Hi, thanks for your answer.. i have one interface where my WAN is connected.

            What i did to make it work was that i added the public ip address as a virtual IP on the WAN interface.
            After that i added a 1:1 nat where the external ip was the public (ofc :-)) and the internal was the internal ip of the box i had on the inside.
            When that was done, i added a firewall rule to allow everything to the internal ip.

            That works…

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.