We recently registered for an internet account with an ISP, but they do DHCP reservation for static WAN IPs. The pfSense box has got a WAN IP by bridging the WAN router to pfSense. How do I get 1:1 NAT to work with forwarding rules for a voice server on a VLAN behind the pfSense box? (There is only one physical interface for the LAN on the pfSense box.) I don’t like to put the voice server on the DMZ.
Thanks in advance for recommendations and advice.
I don’t understand. If the ISP bridges the IP address to the WAN, you would just forward the ports to the devices on the LAN.
Adding to my post… So they require a MAC address for each static IP…
I’m working with multiple VLANs. Each VLAN is connected to a respective server, and requires a dedicated static WAN IP.
The static WAN IPs are in a /24 subnet from the ISP. But for the IP to become active, it requires a MAC address for the server to bind…
I don’t want to use a DMZ.
If each IP requires a MAC address then you will need a physical interface for each IP.
My request is along the lines of your video: https://youtu.be/JGZvJOiZ5Tg
But I think I’m missing something to make it fully functional.
Thanks Tom. I didn’t understand your statement.
The server has its own NIC.
But how will the ISP bind the MAC for a server that is behind the pfSense? There is no visibility. I can’t hardcode the IP on the server, because the ISP refreshes the TTL every 48 hours, according to this link: https://forum.telus.com/t5/Business-Solutions/Issues-after-upgrading-to-Static-IP/td-p/5197
When I initially set up the NAT, it worked perfectly for a few hours, then stopped working. The ISP needs me to upgrade the account to an Enterprise account for a static IP without DHCP reservation, which is a total cash grab since I’m not an enterprise, but a small business.
The problem I see is that, compared to Linux, BSD (which pfSense is built on top of) doesn’t have a way to create virtual interfaces with their own MAC based on a physical interface (this is different from a Virtual IP or VLAN). (Maybe raw BSD can do this, but nothing like this is exposed in the pfSense configuration.) Basically, if this were Linux, you could create a virtual interface with a manually set MAC, and create an additional DHCP client on it.
Therefore, the only way to get multiple MAC addresses in pfSense is to have multiple physical interfaces (physical in the view of the OS - if the pfSense is a VM then you could create multiple interfaces in the hypervisor).