Netgate Discussion Forum

    Use Public IP behind pfsense

      Waltz

      Hi Guys

      Hopefully somebody can help with this as I'm sure it's trivial, but for the life of me I can't figure out where I'm going wrong!!

      Requirement is very simple as follows:

      From our ISP we have a /27 subnet giving us 30 public IPs to work with. The WAN interface of the pfsense is configured for 77.x.x.2. There are several NICs running NAT and private IP ranges, which all work fine and have firewall rules ensuring separation etc.

      On a separate NIC in the pfsense box I want to connect a server and have it use one of the public IPs. I appreciate this can be done with 1:1 so it presents as that IP etc but the NIC in the server must physically use the IP address due to the software running on it. I would like to use 77.x.x.3 on this server (or any of the other 28 public IPs we have available).

      Ideally once this is configured I would then like to still have the ability to only open certain ports through to this server. I thought bridging with filtering enabled in system tunables was the answer, but I can't seem to ever make the server access the internet despite having trawled right through this forum, the PDF guides and YouTube.

      If somebody can provide advice whilst I still have some hair left that would be much appreciated.  :)

        podilarius

        I would double check the bridge setup. It has been a long time since my last bridging FW, but the interface itself needs an allow rule to let the traffic outbound. Then you can block either on the bridge (assigned to an interface) or on the inbound on the other side. Start with the rules wide open to make sure the bridge is functional, and then lock it down from there.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.