Netgate Discussion Forum

    Can I do this with pfSense?

    General pfSense Questions
      PostalPreacher

      I've got a cable modem with 4 available static IPs from my provider. I want to be able to set pfSense up so that most everything on my local LAN has your basic, run-of-the-mill internet connection behind a firewall, with pfSense set to 192.168.2.1, and handing out local DHCP addresses from .101 to .151, leaving the rest for me to assign local static IPs. This setup all gets one of the static public IPs of 24.xxx.xxx.50. Then I want to put a web server on OPT1 with a local address of 192.168.1.1 and a public IP of 24.xxx.xxx.49. The server has a bunch of stuff running, including HTTP, FTP, BIND and Shoutcast, and I'll of course open the ports for all of those. What I need to be able to do is have any of the computers on my network (the 192.168.2.1 side) be able to browse to the web server by the server's Public IP. Will I be able to do that? I am replacing a Cisco 1841 with pfSense, because the Cisco has such a hard time setting this up (I understand it is called hairpinning).

      Second question, assuming this is all practical to try to do, is there anyone who could help me configure this in advance? I'm live with my server and would really like to be able to unplug from the Cisco and plug into my pfSense PC, reboot the modem and go. I'm even willing to pay for someone to walk me through it either on the phone or via Teamviewer.

      My internet provider (Cox) has given me 24.xxx.xxx.49, .50, .56 and .60 with a netmask of 255.255.255.224, which I understand translates to /27.

        stephenw10 Netgate Administrator

        Yes, you can do that.
        You would usually set up the server by adding a virtual IP on your WAN corresponding to one of your public IPs and 1:1 NATing that to your server on 192.168.1.X.
        You can arrange to access that server by its public credentials in several ways:
        https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

        Steve

          PostalPreacher

          Excellent, thank you. I'd still be interested in someone who could assist me in a quick changeover, though. Anyone?

            PostalPreacher

            If I were to leave my webserver on the same lan as the rest of my network (workstations and webserver would all be on the .49 public address), would I still be able to do NAT reflection with pfSense?

              stephenw10 Netgate Administrator

              Yes.
              It doesn't much matter which internal subnet (if you have more than one) the server is on; you can still use DNS overrides or NAT reflection.

              Steve

                m4st3rc1p0

                I can help you, brother; send me a message.

                @PostalPreacher:

                If I were to leave my webserver on the same lan as the rest of my network (workstations and webserver would all be on the .49 public address), would I still be able to do NAT reflection with pfSense?

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.