Can I do this with pfSense?



  • I've got a cable modem with 4 available static IPs from my provider. I want to be able to set pfSense up so that most everything on my local LAN has your basic, run-of-the-mill internet connection behind a firewall, with pfSense set to 192.168.2.1, and handing out local DHCP addresses from .101 to .151, leaving the rest for me to assign local static IPs. This setup all gets one of the static public IPs of 24.xxx.xxx.50. Then I want to put a web server on OPT1 with a local address of 192.168.1.1 and a public IP of 24.xxx.xxx.49. The server has a bunch of stuff running, including HTTP, FTP, BIND and Shoutcast, and I'll of course open the ports for all of those. What I need to be able to do is have any of the computers on my network (the 192.168.2.1 side) be able to browse to the web server by the server's Public IP. Will I be able to do that? I am replacing a Cisco 1841 with pfSense, because the Cisco has such a hard time setting this up (I understand it is called hairpinning).

    Second question, assuming this is all practical to try to do, is there anyone who could help me configure this in advance? I'm live with my server and would really like to be able to unplug from the Cisco and plug into my pfSense PC, reboot the modem and go. I'm even willing to pay for someone to walk me through it either on the phone or via Teamviewer.

    My internet provider (Cox) has given me 24.xxx.xxx.49, .50, .56 and .60 with a netmask of 255.255.255.224, which I understand translates to /27.


  • Netgate Administrator

    Yes, you can do that.
    You would usually set up the server by adding a virtual IP on your WAN corresponding to one of your public IPs and 1:1 NATing that to your server on 192.168.1.X.
    You can arrange to access that server by its public credentials in several ways:
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Steve



  • Excellent, thank you. I'd still be interested in someone who could assist me in a quick changeover, though. Anyone?



  • If I were to leave my webserver on the same lan as the rest of my network (workstations and webserver would all be on the .49 public address), would I still be able to do NAT reflection with pfSense?


  • Netgate Administrator

    Yes.
    It doesn't much matter which internal subnet (if you have more than one) the server is on; you can still use DNS overrides or NAT reflection.

    Steve



  • I can help you, brother. Send me a message.

    @PostalPreacher:

    If I were to leave my webserver on the same lan as the rest of my network (workstations and webserver would all be on the .49 public address), would I still be able to do NAT reflection with pfSense?

