Publishing a restricted WAN IP as public WAN IP



  • Hello folks,
    I wonder if I can seek some assistance here with a pfSense router on the latest version 2.0.3.
    I feel it is NAT-related but please direct me elsewhere if it is not…

    What I have been trying to achieve within the last days is to publish via a Virtual IP on the WAN interface (IP allocated by provider and is pingable!) a host which lies on a network which is not directly routable via the internet - it's a closed network which is routed to our LAN via a Cisco router. We have a gateway for this network within the LAN. I have added this route to pfSense in the Routings and it works fine, pings.

    So this is essentially what it should be like:

    Client -> Internet -> PFSENSE -> LAN -> CLOSED-GATEWAY -> HOST-ON-OTHER-NETWORK

    So in essence it may be like a double NAT scenario. I tried using Virtual IP as both Proxy ARP and Alias IP with no luck. I tried 1:1 NAT with it, having the Virtual IP as External IP and the host's IP as Internal, but I guess it didn't work because its IP address is not within the range used by the LAN interface. Is there something like an IP Proxy that can be used here? Perhaps a workaround?

    Thank you for reading and any suggestions :)



  • I don't see how it can be done with normal routing. You could set up PPPoE on pfSense and connect to it from the host. Then on pfSense 1:1 NAT the virtual IP address to the host's PPPoE client address. By default the host will then use pfSense for Internet traffic including other subnets it doesn't have explicit routes to.

    Double NAT should also work fine. Add a second IP address on the Cisco router and 1:1 NAT the virtual IP address from pfSense to that. Then in the Cisco router 1:1 NAT the second IP address to the host. This will work fine for incoming connections. You'll need to set up appropriate conditional routes on the host and the Cisco router for outbound connections.

