Netgate Discussion Forum

    Pf Beginner requesting help

    • D
      digimedia
      last edited by

      I wasn't sure whether this topic would go under NAT, CARP, or MultiWAN, so here it goes. I have gone through countless pages and endless searching and, not that I haven't seen a solution through searching, I somewhat don't understand it due to different setups etc. I am hoping this will be trivial for the experts out there, so please advise this noob on how to set this up correctly.

      At present I have:
      1 /32 IP by ISP
      block of 4 on /30 also provided by ISP.

      I am currently running an ADSL modem in full-bridge mode and the pfSense box is handling the authentication via PPPoE. I have gone through several posts, and I am somewhat confused by the interchangeable terms like 'using VLAN, Virtual IPs, CARP as opposed to ProxyARP, and 1:1'. Could somebody out there possibly provide me with some light as to how I could get these additional IPs operational?

      Any help is much appreciated.

      Cheers.

      • S
        sai
        last edited by

        Probably best if you put up a network diagram of what you are trying to implement. Include the IP addresses, masks and gateway of everything.

        • D
          digimedia
          last edited by

          Thank you for your reply Sai,

          I roughly sketched up what I want to achieve out of the network, but if you have any suggestions that may improve this (because I think this design is very flawed), let me know. What I have done so far is I've managed to map the /30 IPs by creating VLANs. What I want to do now is to be able to map those /30s to communicate with my /24 machines. I'm not sure if it's feasible or not for a /30 to point to a /24. I'm confused as to how I should approach this. Please provide me with some guidance.

          Thanks in advance.

          [Attachment: Network-Diagram.jpg]

          • S
            sai
            last edited by

            You don't need VLANs. http://en.wikipedia.org/wiki/VLAN

            If you want to map your REAL IP addresses (on the /30) to your private IP addresses (on the /24) then you need NAT.

            So, if anyone on the internet tries to access your real IP he gets through to your server with a private IP?

            Let's say that you have a.b.c.d as your WAN address. You want this to NAT to your mail server on 192.168.1.66, so that when someone sends mail to you the mail server can handle it.

            Firewall: NAT: Port Forward
            Add a rule
            Interface: WAN
            External address: Interface address (if you want to add more IP addresses here you need to do this under Proxy ARP in the Firewall: Virtual IP Address menu)
            External port range: the range of ports on the incoming packets (for mail that would be port 25 to port 25)
            NAT IP: 192.168.1.66
            Local port: 25
            Description: SMTP packets to be sent to the mail server

            Now you need to add a firewall rule for this, which can be done by keeping the tick box next to "Auto-add a firewall rule to permit traffic through this NAT rule".

            • D
              digimedia
              last edited by

              Thanks again for your reply Sai,

              I'll give that a shot, then I'll let you know.

              Cheers.

              Edit: Instead of manually creating entries for every port, is there a faster way to open all ports to an internal PC using this method? (DMZ)

              • GruensFroeschliG
                GruensFroeschli
                last edited by

                Well, you can define port ranges instead of single ports.

                If you have multiple single ports you want to forward: use aliases.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
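
The port forward sai describes, with the ports grouped the way GruensFroeschli's alias suggestion works, written out as the underlying pf rules (an added example, not part of the original posts and not pfSense's generated ruleset). The interface name pppoe0, the macro names and the extra port 587 are assumptions; a.b.c.d and 192.168.1.66 are the placeholders used in the thread.

```pf
# Added illustration in pf.conf syntax; not pfSense-generated output.
wan_if     = "pppoe0"          # assumed name of the PPPoE WAN interface
wan_ip     = "a.b.c.d"         # placeholder WAN address from the thread
mail_srv   = "192.168.1.66"    # mail server on the private /24
mail_ports = "{ 25, 587 }"     # plays the role of a port alias; 587 is an assumed extra port

# Port forward: rewrite the destination of inbound TCP on the listed ports.
# With no port given after the target, the original destination port is kept.
rdr on $wan_if inet proto tcp from any to $wan_ip port $mail_ports -> $mail_srv

# Default deny on WAN: anything not explicitly passed below is dropped and logged.
block in log on $wan_if all

# Filter rule (the job of "Auto-add a firewall rule to permit traffic through
# this NAT rule"): translation happens before filtering, so the rule matches
# the private address of the server, not the WAN address.
pass in quick on $wan_if inet proto tcp from any to $mail_srv port $mail_ports flags S/SA keep state
```

Listing the ports in one macro keeps the exposed surface explicit: only those ports on the WAN address reach the server, which is the difference from forwarding every port to an internal PC.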

                • D
                  digimedia
                  last edited by

                  Thank you Sai and GruensFroeschli,

                  Your support has been much appreciated.

                  This thread can be closed.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.