Route Public Subnet AND create NAT internal subnet

pfsense

My ISP just gave me a subnet of public IP addresses and a single public IP in their network so that I can route those.
I'm trying to use pfSense to do this. Basically I want to expose the public IPs provided to the internet (inbound and outbound). Later I might want to apply some firewall rules, but for now just blind will be fine.

In addition I'd like to create a NATed subnet in the 10.99.99.0/24 range which I'll use for standard client computers. (These computers need to be able to open up ports using UPnP etc. too.)

I would think this is pretty standard, but I can't find any direct documentation on this.

It appears that when I go into routing it only allows outgoing traffic, not incoming. I would have thought that all I need to do is create a virtual IP in the public subnet they gave me, route from their public IP to that, and then that would be the gateway for all of the rest of the computers on that public subnet (and then set up outgoing rules as well)?

Is this even possible with only two LAN cards, or am I better off going to 3 and setting it up that way? (Still lost as to how to get pfSense to route between the two public subnets.)

Thanks in advance for any assistance and suggestions you can provide!

Best Answer

OK, this is a fairly standard "enterprise" ISP setup.

Assign the single IP (probably a /30 network) to your WAN interface. Then create IP Alias Virtual IPs for each IP in your block of routed public IP addresses.

Once you do this, you can use those Virtual IPs in NAT rules, port forwarding, VPN, etc. It sounds like you're possibly trying to apply these public IPs directly to servers inside your network. This is most likely not necessary to do. You can configure 1:1 NAT rules for servers to "assign" public IPs to them, and egress traffic from those servers will be sourced from the proper public IP.

For this type of setup, you should not need to mess around in the routing section of the config.
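The layout the answer describes (the ISP's /30 on the WAN interface, one IP Alias VIP per address in the routed block, 1:1 NAT for servers, ordinary outbound NAT for the 10.99.99.0/24 clients) as an added Python sketch. It is not from the original thread and is not pfSense's own code: pfSense builds this from the GUI, and this script only validates the addressing and emits the equivalent FreeBSD `ifconfig` alias commands and pf `binat`/`nat` statements so you can sanity-check a plan before clicking through. The interface name `em0` and all addresses are constructed from documentation ranges.

```python
"""Plan a pfSense-style routed-block setup and emit the equivalent pf statements.

Added illustration, not pfSense code. Addresses and interface name are constructed.
"""
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges, not real addresses).
WAN_IF = "em0"                      # assumed WAN interface name
WAN_CIDR = "198.51.100.2/30"        # the single IP the ISP gave us, with its netmask
ROUTED_BLOCK = "203.0.113.8/29"     # the block the ISP routes towards 198.51.100.2
LAN_CIDR = "10.99.99.0/24"          # the NATed client subnet from the question
ONE_TO_ONE = {                      # internal server -> public IP it should "own"
    "10.99.99.10": "203.0.113.9",
    "10.99.99.11": "203.0.113.10",
}


def validate_plan(wan_cidr, routed_block, lan_cidr, one_to_one):
    """Reject the mistakes that usually break this layout before any rule is written."""
    wan = ipaddress.ip_interface(wan_cidr)
    routed = ipaddress.ip_network(routed_block, strict=True)
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    if wan.network.overlaps(routed):
        raise ValueError("routed block must not overlap the WAN transit network")
    if lan.overlaps(routed) or lan.overlaps(wan.network):
        raise ValueError("LAN must be private space, disjoint from both public ranges")
    seen = set()
    for inside, public in one_to_one.items():
        i, p = ipaddress.ip_address(inside), ipaddress.ip_address(public)
        if i not in lan:
            raise ValueError(f"{inside} is not inside the LAN {lan}")
        if p not in routed:
            raise ValueError(f"{public} is not inside the routed block {routed}")
        if p in seen:
            raise ValueError(f"{public} is mapped to more than one server")
        seen.add(p)
    return wan, routed, lan


def ip_alias_commands(wan_if, routed):
    """One /32 alias on WAN per routed address: what an 'IP Alias' VIP becomes."""
    return [f"ifconfig {wan_if} inet {addr} netmask 255.255.255.255 alias"
            for addr in routed.hosts()]


def pf_nat_rules(wan_if, lan, one_to_one):
    """binat gives each server its public IP in both directions; the final nat
    rule covers every other LAN host. pf consults binat mappings before the
    generic outbound nat, so the servers egress from their own public address."""
    rules = [f"binat on {wan_if} from {inside} to any -> {public}"
             for inside, public in one_to_one.items()]
    rules.append(f"nat on {wan_if} from {lan} to any -> ({wan_if})")
    return rules


def build_plan(wan_if, wan_cidr, routed_block, lan_cidr, one_to_one):
    """Validate, then return the alias commands and pf translation rules."""
    wan, routed, lan = validate_plan(wan_cidr, routed_block, lan_cidr, one_to_one)
    return {
        "wan_address": f"ifconfig {wan_if} inet {wan.ip} netmask {wan.netmask}",
        "aliases": ip_alias_commands(wan_if, routed),
        "nat": pf_nat_rules(wan_if, lan, one_to_one),
    }


if __name__ == "__main__":
    plan = build_plan(WAN_IF, WAN_CIDR, ROUTED_BLOCK, LAN_CIDR, ONE_TO_ONE)
    print(plan["wan_address"])
    print("\n".join(plan["aliases"]))
    print("\n".join(plan["nat"]))
```

Note that nothing here touches the routing table, which matches the answer's point: the ISP already routes the block to your WAN address, so pfSense only has to answer for those addresses (the aliases) and translate (the `binat`/`nat` rules). The validator is the useful part in practice; mapping a server to an address outside the routed block, or to the WAN /30 itself, is the usual cause of "my 1:1 NAT does nothing".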