How to set Public IP to VM with isolation

Hello, my Cloud setup its like this :

[ISP Fiber Optic Line] —> [Router Bridge Mode] —> [Firewall pfSense] —> [Node (VM)].

Public IP :
Firewall IP :
Node IP (bg0) :
VM IP (one-30-0) :

After setting port forwarding in the firewall (80), i can reach VM from outside with no problem.

How to set the Public IP address to the VM instead of local IP, so the VM user can see instead of ?

How to completely isolate VM from accessing Node and other VMs ?

Hello, I think that you can’t do this, because your firewall do NAT, so public IP on firewall public interface.