Additional Subnet to WAN-IP

  • Hi folks!
    The Situation: Two static public IP addresses from the ISP at the WAN interface. One additional /27 subnet, routed to one of the public IP addresses.
    The Question: How to manage access from the /27 subnet to internal servers with pfSense 1.2?
    Thanks in advance!

  • For additional public IPs on WAN, create VIPs. (Firewall --> Virtual IPs)

    To route a subnet from one of your public IPs, enable "Advanced outbound NAT" (Firewall --> NAT) and see to it that there is no entry that NATs your /27 subnet. Now it is being normally routed.
    Create firewall rules to allow traffic.

  • Thanks for the fast reply, but it's not working. The /27 subnet is public. Perhaps you misunderstood. I am not able to add a VIP out of that /27 subnet.

  • No, I understood you correctly.
    I think you should reread my post :)

    Have the IP to which your /27 subnet is routed directly as WAN-IP.
    Add the additional IP on your WAN as VIP.

    Define the IP of the OPTx or LAN (or whatever the interface of your /27 subnet is called)
    as one out of your /27.

    If you enable advanced outbound NAT you can define manually what should be NATed from where to where, or what should NOT be NATed.
    In your case you DON'T want to NAT your /27 to WAN.
    If there is no entry in the AoN table for the subnet it won't be NATed, but routed --> which is what you want.

    Maybe you could write which steps you took and I can help you from there.
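
The two checks the replies above describe, as an added example that is not part of the original posts: it flags any Advanced outbound NAT source entry that would still translate part of the routed /27, and confirms the interface address is a usable host inside that /27. The function names, the representation of AoN sources as CIDR strings or "any", and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def nat_conflicts(routed_subnet, aon_sources):
    """Return the AoN source entries that would NAT any address of routed_subnet.

    aon_sources: list of CIDR strings or the literal "any" (assumed
    representation of the source column of the outbound NAT table).
    """
    subnet = ipaddress.ip_network(routed_subnet)
    hits = []
    for src in aon_sources:
        if src == "any":
            # A catch-all source translates the routed subnet as well.
            hits.append(src)
        elif ipaddress.ip_network(src, strict=False).overlaps(subnet):
            # Covers exact matches, supernets and partial sub-ranges.
            hits.append(src)
    return hits

def interface_ip_ok(routed_subnet, iface_ip):
    """True if iface_ip is a usable host address inside routed_subnet."""
    subnet = ipaddress.ip_network(routed_subnet)
    ip = ipaddress.ip_address(iface_ip)
    return (ip in subnet
            and ip != subnet.network_address
            and ip != subnet.broadcast_address)

# Constructed sample data (documentation address ranges, not from the thread).
ROUTED = "198.51.100.32/27"
AON_BEFORE = ["192.168.1.0/24", "198.51.100.0/24", "10.0.0.0/8"]
AON_AFTER = ["192.168.1.0/24", "10.0.0.0/8"]

if __name__ == "__main__":
    for label, table in (("before", AON_BEFORE), ("after", AON_AFTER)):
        bad = nat_conflicts(ROUTED, table)
        status = "would still be NATed by " + ", ".join(bad) if bad else "is routed"
        print(f"{label}: {ROUTED} {status}")
    print("OPT1 address valid:", interface_ip_ok(ROUTED, "198.51.100.33"))
```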
