Netgate SG-1000 microFirewall

Author Topic: Routing Out To A Specific WAN IP, Belonging to a X.X.X.X/29 Subnet  (Read 167 times)

0 Members and 1 Guest are viewing this topic.

Offline cwager990

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Dear Forum Members

Can someone confirm for me the correct approach to route traffic from LAN-Subnet X.X.X.X/24 to Public IP X.X.X.44

The Subnet Range is X.X.X.40 - X.X.X.47 - 40 is the network address, 41 is the pfSense WAN int address and 47 is the broadcast. 42, 43, 44, 45, 46. are added as IP Aliases, in the Virtual IP panel.

Thanks Chris

Offline viragomann

  • Hero Member
  • *****
  • Posts: 2690
  • Karma: +284/-1
    • View Profile
Re: Routing Out To A Specific WAN IP, Belonging to a X.X.X.X/29 Subnet
« Reply #1 on: February 04, 2018, 03:11:52 pm »
You want to route traffic from LAN network to an IP assigned to the WAN  ???  That makes no sense.

I think what you're trying to achieve is, that traffic from LAN to the internet is shown as if it is coming from X.X.X.44 outside, which is an alias on the WAN interface. That's NAT.
This can be done by outbound NAT in pfSense. Firewall > NAT > Outbound.
Set it in the hybrid or manual mode at first. Then add a rule:
Interface: WAN
source: LAN net
dest: any
Translation address: X.X.X.44

Offline cwager990

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Routing Out To A Specific WAN IP, Belonging to a X.X.X.X/29 Subnet
« Reply #2 on: February 08, 2018, 07:06:51 pm »
Yes that is exactly what I meant, thank you for correcting my explanation and for providing a solution, I was wondering if it is possible to assign a public ip address directly to a server on my network, without NAT, while retaining the firewall can this be achieved do you know how or do I need to start a new post.

Thanks Chris

Offline viragomann

  • Hero Member
  • *****
  • Posts: 2690
  • Karma: +284/-1
    • View Profile
Re: Routing Out To A Specific WAN IP, Belonging to a X.X.X.X/29 Subnet
« Reply #3 on: February 09, 2018, 04:45:52 am »
You can achieve this by bridging WAN and LAN interface. But this way you can only use the public /29 subnet on LAN. pfSense is still able to filter traffic, but not to forward anything, of course.
If you don't have special reasons for bridging it isn't recommended.