How to setup Pfsense 2.0.1 Release with multiple static IPs (from ISP)?



  • I apologize if this question has already been asked or answered.  I've recently moved from dynamic IP home, residential service using Pfsense 2.0.1-Release to a business account with (5) static IPs.

    Currently, my setup is as follows:

    Public WAN IP of modem from ISP: 1.2.3.4
    LAN IP of Pfsense router: 192.168.0.1
    Behind PFsense router, I have multiple, internal client PCs on LAN:
    PC #1 - 192.168.0.100
    PC #2 - 192.168.0.101
    PC #3 - 192.168.0.102
    PC #4 - 192.168.0.103
    PC #5 - 192.168.0.104

    How do I now configure Pfsense router to use the new block of public, static IPs issued by my ISP? (1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5) so that they align like this?

    PC #1 - public IP 1.1.1.1 routes to 192.168.0.100
    PC #2 - public IP 1.1.1.2 routes to 192.168.0.101
    etc.?

    Thanks in advance for your help.



  • Assign valid IPs using the virtual IP option.

    Then assign NAT rdr rules for services, or NAT 1:1, in the NAT menu option.
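
The two options named in the reply above (rdr port forwards for individual services versus 1:1 NAT), sketched as an added example in plain pf.conf syntax with the addresses from the question. It is not part of the thread and is not the ruleset the pfSense GUI generates; the interface name `em0` and the choice of TCP port 80 are assumptions.

```conf
# Added example, not from the thread. Assumptions: WAN interface is em0,
# the only published service is HTTP (TCP 80), and the public addresses
# already exist on the WAN side as virtual IPs.
ext_if  = "em0"
pc1_pub = "1.1.1.1"
pc1_lan = "192.168.0.100"
pc2_pub = "1.1.1.2"
pc2_lan = "192.168.0.101"

# --- Translation rules (evaluated before filter rules) ---

# Option A, 1:1 NAT: every port on 1.1.1.1 is translated to PC #1,
# and PC #1's outbound traffic leaves with source address 1.1.1.1.
binat on $ext_if from $pc1_lan to any -> $pc1_pub

# Option B, port forward: only TCP 80 on 1.1.1.2 is translated to PC #2.
# Other ports on 1.1.1.2 are never mapped to an internal host.
rdr on $ext_if proto tcp from any to $pc2_pub port 80 -> $pc2_lan port 80

# --- Filter rules (last matching rule wins) ---

# Default deny on the WAN side, with logging for later review.
block in log on $ext_if all

# Translation has already happened when these rules are checked,
# so the destination is the internal address, not the public one.
pass in on $ext_if proto tcp from any to $pc1_lan port 80 flags S/SA keep state
pass in on $ext_if proto tcp from any to $pc2_lan port 80 flags S/SA keep state
```

With 1:1 NAT the pass rules are the only thing limiting which ports on PC #1 are reachable from outside, whereas a port forward translates nothing except the listed service.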



  • For others wanting to do this, this is the best tutorial I could find:
    http://www.youtube.com/watch?v=zrBr0N0WrTY&feature=youtube_gdata_player



  • I have been trying to get this to work and it will work from the LAN but not from the Internet.

    I can pull up my web server from my local LAN PC via its internal IP of 10.1.1.10, and also from two different NATs from VIPs I set up according to the video listed above at public IP 201.7.x.36 and 201.7.x.40. I did not think that you would be able to pull up the web server page on the LAN PC using the Internet IP addresses?

    Any help with this or troubleshooting tips? I am pretty much a newb on pfSense… I used to maintain Novell BorderManager firewalls. With that, all you did was add a secondary address (assuming pfSense's VIP) and then set up a NAT map from WAN to LAN IP and add a pass-through rule on port 80, and voilà, you were done. I must be missing something but I don't see what else to try?



  • I was able to connect to my PCs' internet addresses from behind the firewall once I went into Advanced > Firewall/NAT and checked the box labeled: Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.

    In other words, when connected to a PC on my LAN, with that box checked, I can now connect to machines using their internet addresses instead of being forced to use internal, LAN IPs.

