Recommended Public IP Setup for Hosts behind pfSense

  • With pfSense 2, what is the recommended setup for public IPs for server hosts and client routers behind pfSense?

    Two of my goals in putting them behind pfSense with public IP addresses are:
    1. All traffic goes through my traffic shaping
    2. I can use firewall rules to secure hosts/clients

    From my reading/experience, I can use:
    1. Bridged interface to create a DMZ
    2. PPPoE server
    3. Private IP and redirect or 1:1 NAT (running a redundant system, would you proxy ARP or CARP the public IP?)
    4. Another way?

    Which setup is preferred/most common that accomplishes my goals?

    I'm not looking for an in-depth how-to. I have done PPPoE and NAT; I just want to set up my new router the best possible way.

  • If your public IPs are routed through the PPPoE WAN IP, you do not need a bridge, just routing.

  • I have several blocks of IPs from several providers (3 separate uplinks) and was wondering what most people do. My routers use 3 with CARP, and I use PPPoE for one client and have used 1:1 NAT.

    It just seemed that if I bridge to a DMZ interface, I could traffic shape and use firewall rules per IP. Since PPPoE and DMZ both require the client to be on the same "LAN" (VLAN), I see bridged as "easier": no PPPoE to configure.