5 Public IPs and 1 WAN interface



  • Hi all,

    I searched all over and could not find a post that pertains to my situation….
    So if this is a duplicate post i really do apologize....
    We just received our fibre broadband and the ISP gave us 5 public ips.

    my set up  looks something like this :

    Fibre  / Internet ----> Router (192.168.0.1/24) ------> pfsense 2.0.1 (10.0.0.1/8) ------> network (10.0.0.0/8)

    Now 1st off...only when my wan interface is on DHCP do i have internet access (i have tried multiple combinations )
    2nd - im assume it's not as simple as doing a NAT to say source address : xxx.xxx.xxx.xxx (public ip) and destination : yyy.yyy.yyy.yyy (local pc ip)

    Can someone please point me to a tutorial for NAT with multiple public ips on 1 wan interface (and if possible the static ip wan interface)

    Feeling really stupid....

    Thanks,



  • Create a VIP for each of the public IP addresses.  Then 1:1 NAT to the intended devices on your LAN.

    Ive never done a public IP on the WAN when the primary address is a private space address though so someone else will have to comment or you will have to experiment.



  • Also- there are alternative language forums lower in the list.  I assume you speak French so I will link it here…

    http://forum.pfsense.org/index.php/board,7.0.html

    In case that helps you better..    :)



  • Hi,

    Thanks chpalmer for the reply, i am actually Afrikaans, but English is my second language :)

    I figured out how to get internet access via static ip address :)  so that part i got sorted.

    What type of VIP do i create for public ips ?

    I would like to confirm :

    Once i created the VIPs, the nat 1:1 will look like this :
    External IP : Public IP / Virtual IP
    Internal IP : IP of pc it needs to be forwarded to
    Destination IP : blank

    Thanks,



  • Your 1:1 NAT description is correct.

    Info on VIPs here:
    http://doc.pfsense.org/index.php?title=What_are_Virtual_IP_Addresses%3F



  • Sorry-  I meant to post that language post on another thread..    ::)  I was wondering where it went…

    ;D



  • @chpalmer:

    Sorry-  I meant to post that language post on another thread..    ::)   I was wondering where it went…

    ;D

    I was wondering where the comment came from. ;D Seemed to be perfectly fluent in English to me.



  • Thanks for all the replies,

    Finally they setup my router correctly today and now 1 of my 5 public / external ips is my WAN address. NAT also needed to be disabled on the router.
    Then i setup the remaining 4 public / external ips as VIP (Proxy ARP) and just did normal NAT port forward and it works like a charm  ;D
    No NAT 1:1 needed ;D

    Thanks everyone !


Locked