From Public to Public
-
Hi Guys,
I've got a server that has to be on a public IP address (the public IP address has to be configured in the network card configuration because of the license). I want to run the traffic through pfSense, so I have added the public IP address to the Virtual IPs on the firewall, then I have created a NAT from 80.80.80.80 to 80.80.80.80 (only an example) and I have created a rule that allows incoming traffic on port 80.
But unfortunately I cannot access anything on port 80 with the above configuration. Any idea how I can
-
You're looping the IP address back on itself?
-
You're looping the IP address back on itself?
I knew that something is not right ;)
Could you possibly tell me how I can send the traffic through pfSense with a static IP address on the server?
-
Huh?? Same way you would if it was dynamic - port to the private IP of the server you want to forward to.
Doesn't really matter how WAN got its IP, since you're just picking that interface and WAN address as the destination.
-
Snort,
I think we need more details about your setup. If you have a setup where you have been allocated a block of IPs and your server and WAN interface on the pfSense are using IPs from the same IP block then we need to know what you are trying to accomplish.
If my example is the case then you would simply set both to use the same gateway IP. However, I assume that you want the server behind the firewall and/or have some other more complicated needs.
If your issue is that the server needs to be able to access resources behind the pfSense firewall then there are several options that will depend on your needs.
1. If the server does not need to be behind the firewall.
1a) You could connect a 2nd interface on your server to the LAN network, set a LAN IP on that interface and if you have other IP blocks behind the firewall you can set routes to traverse the 2nd interface on the server for those blocks.
1b) The same as 1a, but for the IP blocks you want to reach that are behind the firewall, you set routes on the server to get to those IP blocks via the IP on the WAN interface of the firewall.
1c) You may be able to set the gateway on your server to the IP on the WAN interface of the pfSense firewall. I have never tried this and it's really not the best practice thing to do.
2. If the server needs to be behind the firewall.
2a) The right way is to get a 2nd block of IPs routed to the IP on the WAN interface of the firewall by your ISP. Then you create a LAN interface on the firewall using the routed IP block.
2b) You could configure the WAN and LAN interfaces in bridge mode and then systems on the bridged LAN interface could have public IPs. I do not know if this will work for your specific setup. I have not used this setup, so I don't know how well this works if you still want some systems using NAT or if you want the firewall to respond to a public IP for management (ssh/http/https), VPN, etc. Using alias IPs and/or other IP types it seems like it's doable.
2c) If 2a is not an option and 2b adds more complexity for all your other systems, then using a Proxy ARP IP may be the solution. I am not very familiar with Proxy ARP; from my reading about it, that may work for this situation. I am not sure how to configure it. I think you would configure a LAN interface on the firewall for a subset of your larger IP block like a /30. Then the server would need to be connected to that interface and you would have to create a Proxy ARP entry for the server IP or the /30 on the WAN interface. This is just a guess on how to do it and I don't know if pfSense would accept the setup I have described, but that could mean my way is just the wrong way, not that there is no pfSense solution.
Good luck,
Rhongomiant