Public adress on a client behind pfsense firewall



  • Hey guys.

    Im having my pfsense 2.0 firewall with a WAN interface with one public ip.

    I now have a another public ip address that i would like to assign to one client behind the firwall.

    What is the correct way to do this? Do i have to add a new interface for it? The public ip's is not in the same subnet and therefore have different gateways.

    Should i use 1:1 natting?

    I have add'ed the IP as a virtual ip.

    Should i add a new gateway or?

    I thought i was going to set this up without any issues, but im not quite sure what feature to use or how to use it.

    I hope you can help me.. Pleeease!

    Thanks in advance..

    /Gjorret

    EDIT:
    Btw, when trying to add a new gateway via system_gateways_edit.php, on the same WAN interface i just get an error that it cant be added  because it isnt on the same subnet.

    Heeeelp…



  • Anyone with at solution?

    I think i might have to give the client a local ip and then do 1:1 natting directly to the client…

    But is it possible to do it via the same wan interface? have 2 public ips in on different gateways? They are both routed to the wan interface.



  • If you have to WAN addresses and two connections (two modems), than assign to separate WAN interfaces for every connection (modem).
    after this you can go to NAT and use 1 : 1.
    There you can select the WAN interface you would like to use and of course the client to which this address should be NATed.

    If you only have one modem with more IPs than I think you are right and you need to create a virtual IP (select WAN interface and the IP you would like to use) and than use this Virtual IP for your 1 : 1 NAT rules.



  • Hi, thanks for your answer.. i have one interface where my WAN is connected.

    What i did to make it work was that i added the public ip address as a virtual IP on the WAN interface.
    After that i added a 1:1 nat where the external ip was the public (ofc :-)) and the internal was the internal ip of the box i had on the inside.
    When that was done, i added a firewall rule to allow everything to the internal ip.

    That works…


Locked