> So assume I have this: 12.34.56.78 for my firewall address (as assigned to me > by the ISP). > And I have 18.25.125.16/29 for my statics. > And behind the firewall I am running 192.168.16.0/24 > How do I set it up there?
WAN on 12.34.56.78 LAN on 192.168.16.0/24 OPT1 on 18.25.125.17/29 (or any other IP from the range - I’ve gone with the first usable IP for simplicity) Your LAN works as it does currently, NATing to 12.34.56.78. You then have 3 choices: 1) give your servers public IPs and place them directly onto OPT1 (this doesn’t have to be a separate physical interface, no reason why it couldn’t be a tagged VLAN). They would then use 18.25.125.17 as their default gw. 2) dual home your servers so they have both a public IP and an RFC1918 IP. 3) you might be able to define virtual IPs for 18.25.125.18 .19 .20 .21 .22 on OPT1 - this will allow pfSense to handle ARP replies for those IPs. You may then be able to define a 1:1 rule as follows (for example): Interface External IP Internal IP Destination IP OPT1 18.25.125.18 192.168.16.5 * It’s important that the range 18.25.125.16/29 is defined on an interface on pfSense *somewhere*, even if - as I said above - it’s not assigned a physical NIC. Kind regards, Chris -- C.M. Bagnall This email is made from 100% recycled electrons _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
