Use Public IP behind pfSense
-
Hi Guys
Hopefully somebody can help with this as I'm sure it's trivial, but for the life of me I can't figure out where I'm going wrong!!
Requirement is very simple as follows:
From our ISP we have a /27 subnet giving us 30 public IPs to work with. The WAN interface of the pfSense is configured for 77.x.x.2. There are several NICs running NAT and private IP ranges, which all work fine and have firewall rules ensuring separation etc.
On a separate NIC in the pfSense box I want to connect a server and have it use one of the public IPs. I appreciate this can be done with 1:1 so it presents as that IP etc., but the NIC in the server must physically use the IP address due to the software running on it. I would like to use 77.x.x.3 on this server (or any of the other 28 public IPs we have available).
Ideally, once this is configured, I would then like to still have the ability to only open certain ports through to this server. I thought bridging with filtering enabled in system tunables was the answer, but I can't seem to ever make the server access the internet despite having trawled right through this forum, the PDF guides and YouTube.
If somebody can provide advice whilst I still have some hair left that would be much appreciated. :)
-
I would double check the bridge setup. It has been a long time since my last bridging FW, but the interface itself needs an allow rule to let the traffic outbound. Then you can block either on the bridge (assigned to an interface) or on the inbound on the other side. Start with the rules wide open to make sure the bridge is functional, and then lock it down from there.