1 WAN with private and public IP

  • Hello. My pfSense appliance has three physical ports, 1 facing out, the other two in. I have a block of public IP addresses from my ISP. Sitting behind the modem are two devices, each with their own public IP; plus a few consumer-grade routers which get NATed to the modem's public IP; and my pfSense router/firewall. The physical segment between the modem and all of the attached devices (WAN) carries both a private IP (10….) and public IPs. My goal is to have four networks behind the pfSense appliance: two site-to-site VPNs, each with their own public IP connecting to their own network; a third network that is NATed to its own public IP; and the fourth network that can be NATed to the modem's public IP. The OPT port on the appliance is a trunk that will go to a smart switch. (Right now OPT is trunked directly to an ESXi server.)

    I'm really not sure how to set things up on the WAN side. For the network that needs to be NATed to the modem's public IP, the WAN should have a private IP with the modem's private IP as the gateway. For the other networks that need their own public IP, they need to use the modem's public IP as their gateway. I've tried different things: WAN with a private IP, bridged to a VLAN with a public IP, virtual IPs that are public, etc. But I'm really at a loss for the right way to do this.

    Am I trying to do more than what a single device can do, or is there a way to make this all work?

  • Although I'm not quite sure that I understand all aspects of your network topology, my inclination (adhering to the KISS principle) would be to put the modem in bridge mode and do all the routing/NATing in pfSense.

