# How to Attach a Floating IP via pfSense?

This SOP provides step-by-step instructions to configure **pfSense firewall**, including attaching and using a **Floating IP** via a dedicated network interface. This allows the internal VM to be reachable via public IP using 1:1 NAT.

## **Pre-requisites:**

* pfSense VM deployed and accessible
* Floating IP is available in the public pool
* VM created and reachable from pfSense LAN

## **STEPS TO FOLLOW:**

### **Step 1: Assign the New Public Interface to pfSense**

1. Attach a floating IP or public interface to the pfsense VM.
2. Access pfSense Web GUI:

Use a VM (e.g., a Windows or Linux VM) that is created from the same internal VPC/subnet as pfSense's LAN interface

* Open a browser on that VM via console
* Go to: https\://\<pfSense-LAN-IP>

Example: <https://192.168.7.1>

**Accessing pfSense GUI in Browser**

![](/files/ad8e725df6b3dd73ae828661e621d92a89c04315)

1. Log in to the **pfSense Web UI**.
2. Go to: **Interfaces > Assignments**

![](/files/fbc95130e918d64d4001e41457e8f7ca513afd98)

3. Under **Available Network Ports**, click **Add** next to the newly attached public (Floating IP) network interface.

![](/files/3ffa4da77e27c064f1dae26b2d80880ce78bde38)

### **Step 2: Configure the New Interface (e.g., OPT1)**

1. Navigate to: **Interfaces > OPT1** (or whatever the new interface is named)

![](/files/63d4663caf5f0a7626532f80e2807677e688cf20)

2. Check **Enable Interface**.

![](/files/464a7420ef473156e734ffef334f95ed866ac349)

3. Change the description to a client-specific name, such as **Client1\_FloatingIP\_Interface.** (Optional)
4. Set:

**a. IPv4 Configuration Type**: DHCP

![](/files/262de272062d52e15fd97e90067dc48f1fb0a222)

5. Scroll down, click **Save**, then **Apply Changes.**

### **Step 3: Create Firewall Rule to Allow Traffic on New Interface**

1. Go to: **Firewall > Rules**

![](/files/57a725dbec885e5331181cda5d9265285f09f012)

2. Select the tab for the **new interface** (e.g., OPT1) and click **+ Add** rule.

![](/files/5049755589a6fdae43e446b71e3f4fb5f009d182)

**a. Action**: Pass

**b. Interface**: OPT1

**c. Source**: Any

**d. Destination**: Any

e. Add Description: Allow Public Access for Client. (Optional)&#x20;

![](/files/f08f19f7d8d17c4021634b3b1c7013b81ee4d5ba)

4. Click **Save**, then **Apply Changes**

This allows incoming traffic to the Floating IP for the client VM. You can restrict it to specific IPs later.

### **Step 4: Configure 1:1 NAT to Internal VM**

1. Navigate to: **Firewall > NAT > 1:1**

![](/files/a94bece007ee808a2128c98e991beb60794ea53c)

2. Click **+ Add**

![](/files/1ad11b1921d19382e6e12f6d7a6cb7feb95c06c2)

3. Fill in:

* **Interface**: OPT1(Newly added—eg windowsvm1)
* **External Subnet IP**: The Floating IP assigned via DHCP
* **Internal IP**: Private IP of the internal VM (e.g., 192.168.7.10)
* **Description**: e.g., Client1\_Floating\_NAT

![](/files/b0396b3c9c09bc4bc5e4f102d803302009d44e58)

4. Click **Save**, then **Apply Changes**

This sets up a 1:1 mapping between the public IP and the internal VM.

### **Step 5: Validate Connectivity**

1. Ping or browse to the **Floating IP**
2. Ensure it forwards correctly to the internal VM (e.g., RDP, HTTP, SSH)

## **Additional Notes**

* You can configure **multiple NAT rules** if the client has more internal VMs and Floating IPs.
* pfSense's **firewall rules work similarly to Security Groups** — restrict access as needed by source IP, port, or protocol.
* Ensure that the internal VM has **pfSense's LAN IP as the gateway**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.acecloud.ai/knowledge-base/tutorials/how-to-attach-a-floating-ip-via-pfsense.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.