I'm working on giving some servers elsewhere access to some VMs with static public IPs, and would like the outbound IP to match their public incoming IP to make the other servers able to control access via IP and not all my one shared IP. I'm unaware of "best practices" for this, so bear with me if this setup is wrong or sloppy and educate me.
From what I've read I can do this by changing pfsense outbound NAT from Auto to Manual then adding the rules myself.
Before I start to play around I thought I'd ask the Networking Gurus on STH if there's more to consider / something I may have missed or don't understand completely.
- Currently set up for 'auto' so all outbound traffic uses my pfsense/router static public IP
Goals are as follows:
- All internal 192.168.1.x (LAN Port) on pfsense appliance will continue using pfsense static IP outbound (home network). Re-use existing auto-generated outbound NAT rule to accomplish this.
- All internal 192.168.2.x (LAN 2 Port) on pfsense appliance will use another static IP outbound (server/host outbound, i.e. ProxMox updates/downloads, and other VMs without their own static IP mapping). Create outbound NAT rule to use another static IP for this internal network.
- Create specific outbound NAT rule for each static IP assigned to VM so that their incoming static matches outgoing. (Create Virtual IP / Alias for static IP to be used when configuring outbound NAT as well.)
Does that sound appropriate?
Also wondering at this time if I should not use NAT 1:1 for inbound and use ports / aliases or some other configuration to control at the router/firewall (pfsense) vs. 1:1 and relying on keeping the firewall on the VM safe too. Thoughts?
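
Added example, not part of the original post: pfSense evaluates manual outbound NAT rules top-down and the first match wins, so the per-VM rules in the plan above have to sit above the LAN 2 subnet rule. This Python sketch models that ordering and reports shadowed rules and VMs whose outbound address would not match their inbound one; the 203.0.113.x addresses (a documentation range) and the VM address 192.168.2.50 are constructed placeholders.

```python
import ipaddress

# Constructed sample values: 203.0.113.0/24 stands in for the static public IPs,
# and 192.168.2.50 is a hypothetical VM with its own inbound mapping.
RULES_PLANNED = [
    ("192.168.2.50/32", "203.0.113.12"),  # VM with its own static IP
    ("192.168.2.0/24", "203.0.113.11"),   # rest of LAN 2 (hosts, updates)
    ("192.168.1.0/24", "203.0.113.10"),   # home LAN, firewall's own IP
]

def egress_ip(rules, src):
    """Return the translation address of the first rule matching src (top-down)."""
    addr = ipaddress.ip_address(src)
    for network, nat_ip in rules:
        if addr in ipaddress.ip_network(network):
            return nat_ip
    return None  # no rule matched: in manual mode the traffic is not translated

def shadowed(rules):
    """List rules that can never match because an earlier rule already covers them."""
    hidden = []
    for i, (net, _) in enumerate(rules):
        candidate = ipaddress.ip_network(net)
        if any(candidate.subnet_of(ipaddress.ip_network(prev)) for prev, _ in rules[:i]):
            hidden.append(net)
    return hidden

def mismatches(rules, inbound_map):
    """VMs whose outbound address differs from their inbound public IP."""
    result = {}
    for vm, public_ip in inbound_map.items():
        out = egress_ip(rules, vm)
        if out != public_ip:
            result[vm] = (public_ip, out)
    return result

if __name__ == "__main__":
    inbound = {"192.168.2.50": "203.0.113.12"}  # constructed inbound mapping
    print("shadowed rules:", shadowed(RULES_PLANNED))
    print("inbound/outbound mismatches:", mismatches(RULES_PLANNED, inbound))
```

Moving the /24 rule above the /32 rule in the list shows the failure mode: the VM would leave via the shared LAN 2 address and an IP allow-list on the remote servers would reject it.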