Multiple IPs from one WAN
-
Hi there, (bad english)
Iam new to pfsense.
ISP provides 20 public static ips. I want every computer in my office (20pcs) to have one public static ip each.
Internet->pfsense->switchIs it configurable in pfsense?
(i want direct static public ips on their own nics. not virtual ips pointing to each private local lan ip.)
-
My guess is transparent firewall / filtered bridge
http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
http://pfsense.trendchiller.com/transparent_firewall.pdf -
Or if not bridging, you might want a /30 on your WAN, and have your ISP route that public IP block to your WAN IP, then disable NAT on pfSense.
Either/or will work fine.
-
Not working.
Anyway, can i do this?:
modem->pfsense(router)->switch->3servers+20workstationsOne ip for all workstations.
And three ips for 3 servers. And those servers in the same lan as workstations. I mean same lan subnet.
For example: wan ip: 77.xxx.xxx.74 holds 192.168.1.1-192.168.1.20 workstations. And 213.xxx.xxx.21 - 213.xxx.xxx.23 ips holds 192.168.1.21 - 192.168.1.23 servers. Is it possible? (one wan one lan interface in pfsense)(it's difficult to convey what i want in english)
-
Yes
Make a alias list of lan ip's
control there wan ip with your gateway settings on your lan rules -
Thank you very much for replaying.
i can choose only one gateway in my lan rules (default or wan interfaces' gateway so every ip can only point to one gateway).
For example i have apache server running lets say on 192.168.2.100 port 3112,
port forwarding WAN TCP 3112 servers (ext.: 213.197.143.21) 3112
Setting wan rule TCP * * servers 3112 *
And it does not work.
(as in testing mode in servers alias i added only one ip .2.100) -
Those extra public ip's you have, needs to be added under firewall -> virtual ip's
-
yes. but now i set up one ip on my wan interface, and testing everything with several pcs only on one ip. (now wan ip is actualy 213.xxx.xxx.21 )
-
hmm sounds like dhcp to me.
Is the wan assign with dhcp or a static ip?
The wan should be assign with it's proper subnet mask ( CIDR). /30 in this case (someone correct me if I'm wrong)
http://www.subnet-calculator.com/cidr.php -
static.
everything is working except port forwarding. cant forward 213.xxx.xxx.21:4331 to 192.168.2.100:4331 (in my case) -
Things regarding virtual IPs are often not working due to arpcache issues of the devices in front of you. Try to reboot the device in front of you or take down the line for some minutes to make the arp caches expire.