    What is the proper configuration to assign real IPs to the HTTP and mail servers with the following structure?

    (wan: Zyxel router ( <--->( pfsense (lan: <--->(lan: http (Real IP:
                                                                                                                        <--->(lan: mail (Real IP:

    Also, for some applications I cannot change the router to bridge mode.

  • Unless you can set the router into bridge mode, this is not a pfSense question, but a Zyxel router question.

  • I just mentioned that I cannot set the router to bridge mode. The question is about the proper settings for the above structure?

  • And like I said: unless you can set the router into bridge mode, this is not a pfSense problem.

    You need to configure your Zyxel router so it accepts traffic for your real IPs and forwards it to pfSense.

    If you can configure it so it does that…..
    If you can achieve that (to my knowledge no Zyxel router is capable of doing that) you could create 2 VIPs in the 10.1.3.x subnet (one for each server) and 1:1 NAT them to your server and redirect the traffic from your Zyxel router to these VIPs.

  • Since your router can't do DHCP spoofing/Half-Bridge mode, I'd change the router's LAN IP to and make the pfSense WAN interface  Then set the DMZ on the router to route all traffic to the pfSense WAN interface. It's not pretty, but I have to use this solution, and I haven't had any problems with the double NAT translation, even with SIP (VoIP), which is a pain when it comes to NAT.

