Netgate Discussion Forum

    Routing of the public ip to the switch in pfsense.

    General pfSense Questions
    6 Posts 2 Posters 1.6k Views
      MarcioFsantos

      Greetings to the board staff. I'm new here and would like to ask for help.

      I am studying pfSense and like the solution, but I have a question:

      We assume that the topology is:

      Edge Router with CISCO BGP ---> pfSense ---> Layer 3 Switch ---> Web Servers

      I want to use pfSense as an edge firewall for certain blocks, bandwidth control and IPS.

      The router:
      interface GigabitEthernet0/1
      ip address 10.40.40.1/30

      in pfSense
      WAN 10.40.40.2/30
      LAN 10.50.50.1/30

      switch
      10.50.50.2/30 in VLAN 1 = default

      Keep in mind that public IPs are published on the router and the switch. My question is how to do the routing of the public IPs to the switch in pfSense.

      I thank the community!

        MarcioFsantos

        All web servers are configured with public IPs and accessed via the Internet.

          phil.davis

          Firstly, do you really need the Layer 3 switch (router) behind pfSense? It would be easier if the LAN with web servers is directly attached to pfSense. (Or is it many LANs?)
          You will need to add a gateway on pfSense LAN to Layer 3 switch 10.50.50.2, and static route/s telling pfSense what is reachable through 10.50.50.2.
          Since the whole network behind the Cisco is hidden from public internet view, you will need to put port forwards on the Cisco to forward the public IPs to the appropriate internal web server IPs.
          I think you could also disable NAT on pfSense, tell the Cisco about all the networks that are reachable through pfSense WAN, and port forward directly from the Cisco to the Web servers. pfSense WAN would just need firewall rules on WAN to open the things you want to open. pfSense can then control bandwidth… of all the traffic flowing through it. For any outgoing things from the Web servers, if the Cisco knows about those networks then it could do the NAT.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
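
The static-route arrangement described in the reply above, modeled hop by hop. This is an added example, not part of the thread and not pfSense or Cisco code. Assumptions: 203.0.113.0/24 (a documentation range) stands in for the public block, and the switch's server VLAN address and the default routes are constructed for the example.

```python
import ipaddress as ip

# Constructed stand-in: 203.0.113.0/24 (documentation range) plays the public
# block on the web servers; the thread does not give the real one.
PUBLIC = "203.0.113.0/24"

# Interfaces use the thread's addressing. The switch's 203.0.113.1/24 server
# VLAN address and the default routes are assumptions for the example.
DEVICES = {
    "cisco":   {"ifaces": ["10.40.40.1/30"],
                "routes": {PUBLIC: "10.40.40.2"}},
    "pfsense": {"ifaces": ["10.40.40.2/30", "10.50.50.1/30"],
                "routes": {"0.0.0.0/0": "10.40.40.1", PUBLIC: "10.50.50.2"}},
    "switch":  {"ifaces": ["10.50.50.2/30", "203.0.113.1/24"],
                "routes": {"0.0.0.0/0": "10.50.50.1"}},
}

def owner_of(addr, devices):
    """Name of the device with addr configured on an interface, else None."""
    for name, dev in devices.items():
        if any(ip.ip_interface(i).ip == addr for i in dev["ifaces"]):
            return name
    return None

def trace(start, dst, devices=DEVICES):
    """Follow longest-prefix-match forwarding from start toward dst."""
    dst, hops, cur = ip.ip_address(dst), [], start
    while cur not in hops:                      # revisiting a hop is a loop
        hops.append(cur)
        dev = devices[cur]
        nets = [ip.ip_interface(i).network for i in dev["ifaces"]]
        if any(dst in n for n in nets):
            return hops, "delivered"            # dst is on a connected subnet
        routes = {ip.ip_network(p): g for p, g in dev["routes"].items()}
        match = [n for n in routes if dst in n]
        if not match:
            return hops, "no route"
        gw = ip.ip_address(routes[max(match, key=lambda n: n.prefixlen)])
        if not any(gw in n for n in nets):
            return hops, "gateway not on-link"
        cur = owner_of(gw, devices)
        if cur is None:
            return hops, "gateway unknown"
    return hops, "loop"

if __name__ == "__main__":
    print(trace("cisco", "203.0.113.10"))
```

With the static route for the public block removed from the pfSense entry, the same trace ends in a loop between the Cisco and pfSense, because pfSense falls back to its default route on WAN.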

            MarcioFsantos

            Remember that the web servers are configured with public IPs.

            They are Apache, MySQL, email, etc. …

            In this scenario we have the public IPs on the servers, so we will not have NAT hiding the internal network.

            I do not know how to make the setting to receive my switch IPs.

            E.g., the topology without pfSense, with only the router and switch:

            Within the router I put the following configuration:

            ip route 10.50.50.2 255.255.255.0 xxx.xxx.xxx.xx

            Thus I make my router route to the switch IPs.

              MarcioFsantos

              To route the public IPs from the router to the switch through pfSense, do I use this option?
              http://doc.pfsense.org/index.php/Static_Routes

                MarcioFsantos

                Or do I use the Virtual IPs option?
                http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.