Passing a Public IP from pfSense to Fortigate/Palo Alto/pfSense/UDM with an L2TP Connection

As someone dealing with CGNAT through Starlink, I’ve had to get creative to ensure I have a usable public-facing IP. My current setup involves using CoreTransit to establish an L2TP connection to pfSense, which then provides me with a static IP. This setup works well, but I’m now looking to expand my network configuration for some testing and troubleshooting purposes.

The Question: Can I Pass a Public IP from pfSense to Another Firewall?

I want to pass through a public IP from pfSense to another firewall device, such as a Fortigate, Palo Alto, or even OPNsense, pfSense, or a UDM. I know that in a typical networking environment, passing an additional public IP between routers or firewalls is feasible, but given that I’m using an L2TP connection for my static IP, I’m not sure whether this complicates things.

What I’m Trying to Achieve:

  • Maintain my L2TP connection from CoreTransit to pfSense to retain my static IP.
  • Pass a public IP from pfSense to another firewall (Fortigate, Palo Alto, or OPNsense, pfSense, UDM).
  • Avoid double NAT, which would defeat the purpose of this setup.

Key Concerns:

  • L2TP Limitations – Does the nature of L2TP affect how I can pass an IP?
  • Routing Considerations – Would I need to bridge interfaces, use static routes, or configure some sort of IP passthrough?
  • pfSense Configuration – What’s the best way to configure pfSense to allow another firewall to handle the public IP?

I’d love to hear from anyone who has experience passing a public IP from pfSense to another firewall or working with L2TP-based static IP setups.