Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Recommended Public IP Setup for Hosts behind PFSense

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      salmonbaytech
      last edited by

      With PFSense 2, what is the recommended setup for public ip for server hosts and client routers behind PFSense?

      Two of my goals of putting them behind PFSense with Public IP address are
      1. all traffic go's thru my traffic shaping
      2. I can use firewall rules to secure hosts/clients

      From my reading/experience, I can use
      1. Bridged Interface to create DMZ
      1. PPPOE Server
      2. private IP and Redirect or 1:1 NAT (running redundant system, would you proxy arp or carp public ip?)
      3. Another way?

      Which setup is preferred/most common that accomplishes my goals?

      I'm not looking for an indepth howto, I have done PPPOE and NAT just want to setup my new router the best possible way.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        if your public ips are routed through pppoe wan ip you do not need bridge, just routing.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • S
          salmonbaytech
          last edited by

          I have several blocks of IP's from several providers (3 separate up-links) and was wondering what most people do. My routers use 3 with CARP, and I use PPPOE for one client and have used 1:1 NAT.

          It just seemed that If I bridge to a DMZ interface, I could Traffic Shape and use firewall rules per IP.  Since PPPOE and DMZ both require the client to be on the same "LAN" (VLAN) then I see bridged as "easier", no PPPOE to configure.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.