Public IP on LAN/OPT Interface

  • This should be a pretty basic configuration; however, I am missing something. Note: I am currently working in a lab, production is a month out.

    I need to use static public IPv4 addresses on the LAN/OPT interface.

    Internet --> Switch <--> PFsense <---> Switch <---> eth0 (Server) Public IP
                                   <------------------------------------> eth1 (Server) Public IP

    With both NICs up I can ping both public IPs. If I turn eth1 off, everything goes down.

    Looking at the routing table, I have determined the problem is the system cannot access the public gateway (it's using eth1 for this route). When eth1 is up, all traffic from eth0 passes pfsense.

    Some questions I know I will be asked:

    • Firewall > NAT > Outbound = Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)
    • No virtual IPs are created. I have read about people doing this, but I don't think it's where my problem is.
    • LAN is using a public IP and public gateway (different subnet than pfsense)

    I think the answer here is a static route, maybe...

    The goal here is to be able to block ports on the outbound but also easily be able to remove the restriction per IP as needed.

