Route public IP to one client

  • I want to route a public IP to a single client (which is actually another pfSense machine).

    I understand the best way to do this is to add another interface and assign the public subnet to that.

    There are two things I don't understand or that concern me.

    How does this work if I'm already using some of these IPs for 1:1 NAT? (I only have a /29)

    How can this be done without losing another public IP address to the third interface?

    Is it still (easily) possible to route between the third interface and LAN?

    Lastly, is there any benefit to doing this over simply giving the second box a private IP and 1:1 NAT'ing it with a firewall to allow all traffic to that IP?

  • I don't believe you can route your subnet further unless your ISP allows it and is set up to allow you to do so. Assuming you have a simple Ethernet Internet connection with your subnet, you can set up pfSense in bridged mode with the second pfSense. The second pfSense will need to be plugged into a dedicated interface on the first pfSense. This will allow you to share the public IP addresses between both boxes.

    It's easier to just plug the second pfSense box directly into the Internet switch though…

    Also, there is no benefit over a 1:1 NAT unless you require the actual public IP on the internal machine for some reason.

