> Date: Wed, 27 Jan 2010 21:19:17 -0600
> From: g...@s4f.com
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Noob Multiple Public IP Question
>
> Assuming Comcast gave you a contiguous netblock, your netblock would be
> *.*.0.192-207 (192 being the network address and 207 being the
> broadcast) leaving 193-206 as usable IP addresses. *.*.0.175 isn't in
> that net block and so its not likely that its available for you to use.
>
> Adam Van Ornum wrote:
> > Ok, I am pretty inexperienced with IP addressing, particularly when it
> > comes to configuring firewalls with multiple public IPs, but at my
> > small business I'm the most experienced with IT stuff in general so I
> > get to be the one who deals with all this stuff. We have Comcast as
> > our internet provider with a range of public IPs of which we are
> > currently only using one. I'd like to be able to use another public
> > IP in order to expose more services, such as a separate mail or web
> > server.
> >
> > Comcast provided public IPs: *.*.0.206/28
> > Current WAN IP: *.*.0.193/28
> > Current WAN Gateway: *.*.0.206
> >
> > This was setup with a different firewall (a crappy consumer box)
> > before I got here, so after I started I switched over to pfSense and
> > just used the settings that were in the old box. Currently,
> > everything is working fine with this setup but now I am trying to set
> > things up so I can use another public IP (ie *.*.0.175) to expose
> > different web and mail services hosted on a different internal server
> > and I can't get it to work.
> >
> > What I have tried is to add a virtual IP (I've tried both Proxy ARP
> > and Other) with the following settings:
> >
> > Interface: WAN
> > IP Address: *.*.0.175/32
> >
> > And I then setup 1:1 NAT mapping *.*.0.175/32 to 192.168.100.10.
> > Lastly, I create a firewall rule on the WAN interface to allow port 80
> > where the destination is 192.168.100.10.
> >
> > However, this does not seem to work...what am I missing?
> >
Thanks for pointing that out...that was actually just a mistake in my email...I
meant *.*.0.195. I'm not really that much of a noob. :) Apparently I had 175
stuck in my head for some reason...I'll double check the config when I get back
to work tomorrow but I'm pretty sure I had it right (195) there.
Are there any other issues that jump out? Should the WAN IP be set to /28 or
should it be set to something else like /32? Just to see what would happen I
tried setting it to /32 and then our Internet access went completely down.
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/196390710/direct/01/
