Jon Copeland
asked on
How to configure pfSense with multiple WAN IP addresses for 1:1 NAT?
Hi all,
First time poster here.
I have an OVH dedicated server with a /28 failover IP block. Ideally I'd like to use a single software firewall to protect all of the VM's running within the virtualization hypervisor running Proxmox 3.2 but I'm unsure as to the networking technicalities in order to make this work. I feel this may be more of a pfSense thing than an OVH/Proxmox thing.
OVH:
At OVH I have the IP's configured as follows (note all of the MAC addresses are the same):
pfSense:
How would I assign multiple routable public IP addresses to the WAN interface of a pfSense firewall so that it can route packets to the correct IP of the VM?
Something like this, where 167.x.x.x is a routable public IP address:
So, for instance, say somebody tries to connect to the web service listening on cloud.company.net.
I understand how to setup a single publicly routable IP address on a pfSense firewall VM and have it redirect traffic to internal VM's but this question is explicitly about having the pfSense VM configured with multiple publicly routable IP addresses.
Let me know if you need any clarification, I'm not sure if I did a stellar job in explaining this.
First time poster here.
I have an OVH dedicated server with a /28 failover IP block. Ideally I'd like to use a single software firewall to protect all of the VM's running within the virtualization hypervisor running Proxmox 3.2 but I'm unsure as to the networking technicalities in order to make this work. I feel this may be more of a pfSense thing than an OVH/Proxmox thing.
OVH:
At OVH I have the IP's configured as follows (note all of the MAC addresses are the same):
pfSense:
How would I assign multiple routable public IP addresses to the WAN interface of a pfSense firewall so that it can route packets to the correct IP of the VM?
Something like this, where 167.x.x.x is a routable public IP address:
pfSense VM VM IP Service
=========================================================================
167.x.x.1 -> 192.168.1.1/24 -> firewall
167.x.x.2 -> 192.168.2.1/24 -> cloud
167.x.x.3 -> 192.168.3.1/24 -> connect
So, for instance, say somebody tries to connect to the web service listening on cloud.company.net.
1. They input cloud.company.net into their browser
2. The DNS A record for [i]cloud.company.net[/i] is resolved and directs the user to 167.x.x.2
3. The pfSense firewall sees an incoming request on 167.x.x.2 via port 80 or 443 and directs the connection to 192.168.2.1 [i](the IP of the VM with the cloud service)[/i].
4. The pfSense firewall sends the response back to the user [b]from[/b] the correct IP, in this case 167.x.x.2.
I understand how to setup a single publicly routable IP address on a pfSense firewall VM and have it redirect traffic to internal VM's but this question is explicitly about having the pfSense VM configured with multiple publicly routable IP addresses.
Let me know if you need any clarification, I'm not sure if I did a stellar job in explaining this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here's what I did:
OVH:
pfSense:
Interface: WAN
IP Address: 167.x.x.x/32
Interface: LAN
IP Address: 192.168.x.x/24
External subnet IP: 167.x.x.x
Internal IP: Type Single Host
Address: 192.168.x.x
TCP/IP: IPv4
Protocol: TCP
Type: Single host or alias
Destination: 192.168.x.x
Destination port range: From HTTP to HTTP