Netgate Discussion Forum

    General topology question?

    Problems Installing or Upgrading pfSense Software
      cybervolkan

      I have a Cisco 7206VXR router and 3 C-class real IP addresses.
      I will set up pfSense as a firewall on my server (with three NICs), but I am confused about the topology.

      My main purpose is giving every host (including the server farm) virtual IPs and NATing them to these 3 C-class IP addresses.

      How should I set up pfSense? On which interface should I assign my real IPs?

        hoba

        Depending on what these networks look like, you could simply use the real subnets/IPs on your internal subnet and just route them.

          egarnel

          The 7206VXR could sit behind the pfSense box and perform traffic shaping and/or policing before it gets to the pfSense box.

          internal networks ----> 7206 ------- pfsense [nat] --- internet

          We do something similar.

          We have 3845 routers running as a GLBP pair that shape traffic, police protocols, perform IP SLA checks and then do policy-based routing to send particular traffic out either of the pfSense servers or firewalls or NAT routers, based on priority & availability.

          You can use class-maps & service policies to give certain protocols more or less bandwidth, QoS, etc. For example: we choke down bandwidth hogs to a trickle before they even reach the pfSense servers.

          The 7206 is a bad ass router that can do a lot of stuff as above, as well as VLAN support & firewalling.
          We have one here in our shop, it just cranks right along.

            cybervolkan

            @egarnel:

            The 7206VXR could sit behind the pfSense box and perform traffic shaping and/or policing before it gets to the pfSense box.

            internal networks ----> 7206 ------- pfsense [nat] --- internet

            We do something similar.

            We have 3845 routers running as a GLBP pair that shape traffic, police protocols, perform IP SLA checks and then do policy-based routing to send particular traffic out either of the pfSense servers or firewalls or NAT routers, based on priority & availability.

            You can use class-maps & service policies to give certain protocols more or less bandwidth, QoS, etc. For example: we choke down bandwidth hogs to a trickle before they even reach the pfSense servers.

            The 7206 is a bad ass router that can do a lot of stuff as above, as well as VLAN support & firewalling.
            We have one here in our shop, it just cranks right along.

            I have an ATM connection to the ISP, so I can't put anything in front of my router because of hardware requirements.
            But your suggestion seems smart.

            But I think I will work on Hoba's suggestion.
