Static WAN to LAN pfsense

Hello im having some trouble with multiple WANS on pfsense,
so my WAN gets 105.76.23.8 the local address that AT&T gives me and I also have a /29 block of static IPs from them im running pfatt and figured out how to pass my /29 through he NAT but I just cant find any documentation on having a differnt WAN IP for each physical interface on pfsense.

The config I want:
WAN 105.76.23.8 -> igb0
WAN 84.22.35.31 ->igb1 -> to a server
WAN 84.22.35.32 ->ix1 -> to another router

how would you be able to do something like this?
I’m unsure of how to get each interface to you a independent public IP.

Why have a public IP on each, why not just port forward to the servers behind pfsense allowing pfsense to act as a firewall?

Because I also have a router that I would like to put behind the pfsense.

1 Like

It’s something I have rarely done, but they have a write up here how to do it.
https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html

I would personally use a VIP and not do pass any public IPs through.

2 Likes

@LTS_Tom thank you so much that’s exactly what I was looking for. If I have a firewall on that interface it shouldn’t be a bad thing to do right?

It is not bad, just puts more complexity in your setup.

I had a look at this and couldn’t get it to work, my use case was that we host remote servers for a business and they wanted each server to have a Public IP (we have a /29 -14 useable IP’s).

I have my IP’s configured as Virtual IP’s, but without losing two IP’s, I couldn’t figure out how to give a sever a public IP in the /29 range- I think due to the way my ISP hands out the IP’s (PPPOE).

The only option for the servers themselves to have an IP in the /29 is for them (the interface(s) they connect to) to be bridged with the WAN interface. Otherwise there’s no way to route the traffic.

The business won’t accept a 1:1 NAT to a private IP on the servers? It is a bit more of a pain, but it is the proper way to handle this type of ISP subnet assignment. The days of the ISP using a /30 and routing a /29 or larger to it are gone.

I offered the business a whole internal IP Range to play with, to which they replied they wanted Public IPs.