Topology Question - Long term frustration
-
I have a block of 5 static IPs from my provider. I know they all work, because I can set my router as any one of them, and everything works. No need to set or request any MAC address registration, etc.
I have the SG-2220 with one port in, and one port out. I want 1 IP to pass through to my router, and 4 IPs to go to a switch, where they will connect to 4 out-facing computers.
I want to use the SG-2220 as a hardware firewall, and traffic monitor. I've configured 4 virtual IPs. They probably work, but I've been unable to figure out how to get the router to work in series with the SG-2220.
Seems like I need a switch on the in-facing SG-2220 port, and connect the router and 4 computers to that switch. The router does not seem to be very happy with that.
I've been playing with this config on and off for 2 years, and have no satisfying solution.
Would love some ideas!
Thanks!
Mr. Patient
-
Would creating a DMZ and doing a 1:1 NAT be a better idea?
-
Thanks for the reply. My question is more topology related. Following your lead (which I have been trying similar strategies, and I believe is correct): So, I would connect the pfSense WAN port directly to my ISP provider connection (not a modem, just an Ethernet port). The LAN port of pfSense I would have to connect to a switch, so that I could break out 4 of the IPs for out-facing computers, and plug the WAN port of the router (for internet on my other computers) into the switch also.
I've tried that with a layer-2 switch, with less than satisfactory results. I've ordered a layer-3 switch to try that.
The other thing I've been trying is a switch right off the ISP (as a DMZ switch), and then plug both the router and pfSense into the DMZ switch. That doesn't work either, though this also might work with the layer-3 switch.
Please keep the ideas coming! Thanks!