Static public ip on lan client
is it possible to have a external ip on the lan side for a client machine ?
if yes a small howto would be apreciated
I'm not sure why you want to put an external IP address on an internal NIC. Perhaps it would help if you could explain what you're trying to do.
If you don't have a separate interface and at least /29 for this (plus at least /30 for your WAN), forget about it. Configure 1:1 NAT and move on.
i got 2 /24 blocks on the wan side and multiple nics
now how would i go by doing this ? it can't be that much of a secret….....
the reason for this is i have a bunch of houses on an island with wifi cpe's and these ppl like to have a public ip and the cpe set to router mode so they can port forward their stuff
In a nutshell:
- Take one of the /24s, put it on some OPT interface
- Now, go to outbound NAT configuration, switch either to Manual Outbound NAT, or to Hybrid NAT on 2.2.x (much better) and click Save.
- Now, you'll see a bunch of rules shown. Locate the NAT rule for your /24 containing the public IPs and delete it. Click Apply changes.
- You need proper firewall rules on that OPT to permit outbound traffic. Configure a DHCP server on that OPT interface to give out the public IPs.
- Finally, if the goal is that users will maintain their own firewall on their CPE or whatnot, go to WAN firewall rules and allow all inbound traffic to OPT (i.e., source - any, destination - OPT subnet)
You could split the other /24 and do the same, just keep some small /30 for WAN, unless you already have a separate one for that purpose.
Important note: You will want to block both inbound traffic from WAN and from OPT to the IP assigned to the OPT interface on pfSense, ports TCP 22/80/443 at least. You do not want everyone to mess with your WebGUI and hammer SSH. Be careful with the rules ordering.
thank you very much i will give this a shot later on on a test machine so i don't break the production box ;D