Hello,
I've been encountering a problem with my pfSense setup for a while now, and after spending weeks looking around online I was not able to find a solution. I think I have a somewhat weird/unideal setup, which might be part of the problem.
I have a gateway (Technicolor C2100T with Centurylink) with a static IP address (referred to as 60.x.x.110). I also lease an extra small block of static IP addresses from Centurylink: 60.x.x.105-109 are usable, and there is also 60.x.x.111, which is a broadcast IP, and x.x.x.104, which has some other role. I recently set up a pfSense box (hosted in a Watchguard Firebox x1250e) in order to play with pfSense, firewalls, and NAT and try to get some more experience in using them. My current setup looks like this:
Centurylink gateway (C2100T, public IP 60.x.x.110, internal IP 10.0.2.1) -> pfSense firewall (WAN IP 10.0.2.2 with gateway of 10.0.2.1, DHCP -> LAN IP 10.0.0.2) -> 10.0.0.X subnet of servers/desktops
I'm fairly sure that this probably isn't a great way to handle this setup, and that the current Centurylink gateway should be in bridge mode so that pfSense can handle the actual routing. However, I wasn't sure how to accomplish that while also keeping the ability to use my public/static IP addresses on servers within my network, and I host a couple of services from my network which I would really prefer not to be down for the time it would take me to switch it to bridge mode and get everything set up and working on pfSense.
Currently, all I have to do to use the static IP addresses is set them on any of my machines (IP of 60.x.x.105-109, subnet of 255.255.255.248 (/29), and gateway of 60.x.x.110), which obviously doesn't work when the firewall is in the way. I've been trying to set up virtual IPs on the firewall with those static IP addresses, so that I can use 1:1 NAT to make them accessible outside of my network. So far that hasn't worked. I have a test IP address set up as a virtual IP, with the IP address 60.x.x.109, subnet /29 (as in the previous working setup) on the WAN interface, and strangely, it can ping external hostnames (google.com worked), but not the 60.x.x.110 gateway address. I also cannot ping the 60.x.x.109 virtual IP from either within or outside of my network, even after setting up 1:1 NAT to go from 60.x.x.109 to an internal address (10.0.0.241).
Is there something I missed during this setup? I was hoping it would be somewhat simple to get these public IPs set up and working, but so far it has been out of my reach. Would it be easier and faster to just switch the Centurylink router into bridge mode to remove a layer of complexity?
Thanks!
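One way to sanity-check the addressing in a double-NAT setup like the one described in this post, as an added example that is not part of the original post or of pfSense itself: it works out the network, broadcast and usable range of the /29 block from the stated gateway and mask, and then checks whether a virtual IP configured on the WAN interface actually shares a subnet with that interface, which is what the upstream router needs in order to ARP for it. The addresses are constructed stand-ins (198.51.100.0/24 is a documentation range) because the post masks the real block as 60.x.x.*, and the /24 on the pfSense WAN side is an assumption, since the post gives no WAN mask.

```python
# Added example (not from the original post): subnet and on-link checks for a
# firewall sitting behind a NAT-ing ISP gateway. All addresses are constructed
# placeholders standing in for the masked 60.x.x.* values in the post.
import ipaddress

# Constructed stand-ins for the post's addresses (assumptions, not real values).
PUBLIC_GATEWAY = "198.51.100.110"      # stands in for the 60.x.x.110 gateway
PUBLIC_MASK = "255.255.255.248"        # /29, as stated in the post
PUBLIC_VIP = "198.51.100.109"          # stands in for the 60.x.x.109 test VIP
PFSENSE_WAN = "10.0.2.2/24"            # WAN IP from the post; the /24 is an assumption
UPSTREAM_LAN_GATEWAY = "10.0.2.1"      # inside address of the ISP gateway


def describe_block(gateway: str, netmask: str) -> dict:
    """Return network, broadcast and usable host range of the static block
    that contains `gateway`, given its dotted netmask."""
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "prefixlen": net.prefixlen,
    }


def vip_is_on_link(vip: str, wan_interface: str) -> bool:
    """True if the VIP lies in the WAN interface's own subnet, i.e. the
    device on the other end of the WAN cable could resolve it with ARP."""
    wan = ipaddress.ip_interface(wan_interface)
    return ipaddress.ip_address(vip) in wan.network


def diagnose(vip: str, wan_interface: str, upstream_gw: str) -> list:
    """List addressing reasons a WAN VIP may be unreachable behind a NAT gateway."""
    findings = []
    wan = ipaddress.ip_interface(wan_interface)
    if ipaddress.ip_address(upstream_gw) not in wan.network:
        findings.append("upstream gateway is not on the WAN subnet")
    if not vip_is_on_link(vip, wan_interface):
        findings.append(
            "VIP is off-link from WAN: the upstream router will not ARP for it; "
            "it has to route the public block to the firewall's WAN address, "
            "or be bridged so the WAN interface sits on the public subnet"
        )
    return findings


if __name__ == "__main__":
    print(describe_block(PUBLIC_GATEWAY, PUBLIC_MASK))
    print("VIP on-link with WAN:", vip_is_on_link(PUBLIC_VIP, PFSENSE_WAN))
    for f in diagnose(PUBLIC_VIP, PFSENSE_WAN, UPSTREAM_LAN_GATEWAY):
        print("-", f)
```

With the constructed values, `describe_block` reports .104 as the network address and .111 as the broadcast of the /29, and `diagnose` flags that a public-block VIP on a WAN interface numbered out of 10.0.2.0/24 is off-link from the ISP gateway. In a bridged arrangement, where the WAN interface itself carries an address from the /29, `vip_is_on_link` returns True and the finding disappears.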