Setting up devices with static public IP behind pfSense?
We have a pfSense 2.1 firewall that connects to the internet through ADSL2+. The PPPoE authentication is done in pfSense.
(There are actually two ADSL2+ modems - we're using them in a failover configuration, because the constantly changing IP addresses from load-balancing causes VoIP calls to drop).
We have several VoIP phones behind the firewall. We've just been allocated additional public static IPs which I'd like to allocate to the VoIP phones. Basically, I'd like them to be completely open to the internet (i.e. pfSense to pass everything through both ways).
Since the pfSense box is doing the PPPoE authentication, I'm assuming I can't just plug both the phones and pfSense firewall into a single switch, and have that connect to the modem. So the VoIP phones will still need to be behind the pfSense box.
From reading, it seems the feature I want is Virtual IPs, however, I'm not sure if that's what I want to be using here? Or what's the best way to set this up?
Or should I set up some kind of 1:1 NAT? What's the correct procedure for doing that?
It really depends on how the new IPs were allocated to you. Are you expected to route them yourself, or are they an extension of the set you already have.
You probably want 1:1 if they are not routed to you. This way you can open up as much or as little as you want to the phone and the ip address is dedicated to an internal resource (the phone).
How are you supposed to get the additional public IP addresses in the first place? Using multiple PPPoE connections? Or are they routing a subnet to you using the primary PPPoE static IP address as the gateway?
If you wan't better VOIP then ditch the adsl and go with a cable solution. I had nothing but trouble using my bellsouth business Adsl.