I have a /27 pool of IPs. All the IPs are set as virtual IPs in pfSense and I use NAT port forwarding to redirect public IPs to the internal network. I now have a scenario where I want to lease a server in our rack to a friend and I would like them to be able to use 1x of my public IPs with no firewall rule. I want it wide open so they can then in turn spin up a pfSense VM on their xcp-ng host.
Could anyone advise on how I can get my public static IP to the host behind pfSense? Do I need to use a bridged network or routes?
@LTS_Tom I have been working on this and done a lot of reading and here is my latest update.
The datacenter told me that I have 1 VLAN to which they send all the public subnets allocated to me.
In pfSense, I have set up my HA and all that part is working.
Setup 1 (working):
I disconnected the uplink from the pfSense appliance and connected it directly to the switch. Then I connected from the switch back to the pfSense WAN, and this way I can now get xcp-ng VMs to get all the public IPs from my /27 and /29 subnets and do port forwarding for all my internal network servers.
Although this solution is working, we would rather have everything behind the firewall so we can do IPS/IDS, port blocking, etc. Like in this diagram (not in HA, but to show the idea of what I want).
Setup 2 (not working)
We connected the uplink cable back to the firewall WAN and now none of the VMs are able to ping the internet.
Setup 3 (not working)
We kept the uplink connected to the firewall and created a new vlan101. We then created a new interface with the first usable IP of the /29 subnet. In xcp-ng, we created a new network with vlan101 and assigned it to the VM. The VM is not able to ping the internet.
Does it matter that the gateways for both subnets are not the same if they are sent to the same VLAN in my rack?
Could anyone please help me further in this issue?