Public IP from Static Block routed to an I/F behind firewall

I have a data circuit with a separate block of static IP’s. I have a device behind the firewall that will require one of the static IP’s. So (made up numbers) has to pass through the pfSense firewall and end up as the same at the interface of the particular device. What is the preferred method in pfSense to accomplish this? Thanks.

I’m not sure whether what you’re asking to do is possible. The industry standard way to handle this is to use 1:1 NAT, meaning your inside device has a non-public IP and you map all ports on the public IP to/from the private IP. You’ll find lots of instructions if you google “pfsense 1:1 NAT”.

The other industry standard is for the ISP to give you a /30 (a single IP) which you put on your router/firewall, and a separate IP block which is routed to the prior IP, and can be used for your servers and whatnot. ISPs have moved away from that largely because it wastes additional IPv4 addresses.

The one thing I can see that might work for you, as mentioned here , would be to use a second interface in PFSense and bridge it with your WAN. At this point PFSense is acting like a switch for that interface, although there are still ways to enforce firewall rules on a PFSense bridge.


Have a look to internal/external bridging:

You just neet that one IP inside your network? I don’t know your exact topology and setup. Buf if you have a public IP block, your ISP can route that to you via a small /29 subnet or smaler (/29 is minimum for HA setup). You define that /29 subnet to your WAN interface and use your public block inside your network just like a private network.

Thanks everyone for your input. I figured out what I required was a transparent bridge. Set up and tested, works exactly as I needed, and with the ability to firewall the traffic.