Adam Van Ornum wrote:
Ok, I am pretty inexperienced with IP addressing, particularly when it comes to
configuring firewalls with multiple public IPs, but at my small business I'm
the most experienced with IT stuff in general so I get to be the one who deals
with all this stuff. We have Comcast as our internet provider with a range of
public IPs of which we are currently only using one. I'd like to be able to
use another public IP in order to expose more services, such as a separate mail
or web server.Comcast provided public IPs: *.*.0.206/28Current WAN IP:
*.*.0.193/28Current WAN Gateway: *.*.0.206This was setup with a different
firewall (a crappy consumer box) before I got here, so after I started I
switched over to pfSense and just used the settings that were in the old box.
Currently, everything is working fine with this setup but now I am trying to
set things up so I can use another public IP (ie *.*.0.175) to expose different
web and mail services hosted on a different internal server a
nd I can't get it to work.What I have tried is to add a virtual IP (I've tried
both Proxy ARP and Other) with the following settings:Interface: WANIP Address:
*.*.0.175/32And I then setup 1:1 NAT mapping *.*.0.175/32 to
192.168.100.10.Lastly, I create a firewall rule on the WAN interface to allow
port 80 where the destination is 192.168.100.10.However, this does not seem to
work...what am I missing?
I am on a comcast business account as well with multiple statics.
My approach was somewhat different than yours. I ended up making the
externals virtual IP's and use NAT and port forwarding to allow
everything to talk to each other (I didn't see a need for 1:1 NAT).
I have five static IP's, which results in a subnet of /29.
The pfsense box has one of them with the default route being the IP of
the SMC, subnet of /29. All of my other IP's are virtual IP's using
Proxy ARP (each IP has a subnet of /32) assigned to the WAN interface.
It was just a matter of firewall, port forwarding and outbound NAT rules
to get it all working.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
