Netgate Discussion Forum

    Split LAN and routing to 2 Lines…

    • sap68

      Hi,

      My purpose is to split my LAN in 2 so I can route my servers (3/4 machines) to an xDSL line with multiple public IPs and route all clients to a more convenient ADSL line…

      At this moment I have a pfSense 1.2.3 box with 3 NICs (WAN, LAN + OPT); the OPT port is unused.

      My thoughts:

      1. My servers are on a separate switch; maybe I can use the OPT port as a DMZ?
      But how can I put the ADSL router in as the navigation line?

      2. I put the ADSL router on the OPT port, but how can I separate the servers from the client PCs?

      What is the best solution for these ideas?

      Thanks in advance...

      • heper

        If you have a layer 2 switch (to work with VLANs), that could work.
        That way you can put your DSLs on WAN & OPT1 and create VLAN interfaces on your physical LAN interface.
        With some simple firewall rules you can then push all clients out by the OPT1 gateway, and all servers can go on the WAN.

        If you do not have the possibility to use VLANs, then I think it's best to add a 4th network card to create an OPT2 interface to split up your LAN.

        • sap68

          @heper:

          If you have a layer 2 switch (to work with VLANs), that could work.
          That way you can put your DSLs on WAN & OPT1 and create VLAN interfaces on your physical LAN interface.
          With some simple firewall rules you can then push all clients out by the OPT1 gateway, and all servers can go on the WAN.

          If you do not have the possibility to use VLANs, then I think it's best to add a 4th network card to create an OPT2 interface to split up your LAN.

          Thanks very much.

          For now I have only one ALIX pfSense box, so I cannot add a 4th network card; the VLAN system is the only one I can implement at this moment.

          But what if splitting the LAN in 2 is not a mandatory step?

          My goal is to prevent clients from accessing the public WAN (the one belonging to the servers), to prevent the possibility of the public IP being blacklisted…

          • Metu69salemi

            Use static IPs for the servers, something like .2-.127.
            Create a DHCP range for the clients from .128-.253.

            Then create a manual outbound NAT rule so that only the server IPs can go through the one gateway, and another rule for the clients so that they use the other gateway.

            That should do it

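The address split from the last reply, as an added example that is not part of any poster's message: Python that turns the .2-.127 and .128-.253 ranges into the CIDR blocks a rule source or alias would need, checks that the two sets do not overlap, and shows which addresses fall outside both. The 192.168.1.0/24 subnet and the WAN/OPT1 labels are assumptions for illustration.

```python
import ipaddress

# Assumed LAN subnet (constructed for illustration; the thread does not give one).
LAN = ipaddress.ip_network("192.168.1.0/24")

def host(n):
    """Return the LAN address whose last octet is n."""
    return LAN.network_address + n

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that exactly covers .first-.last."""
    return list(ipaddress.summarize_address_range(host(first), host(last)))

# Ranges from the post: static servers .2-.127, DHCP clients .128-.253.
SERVER_NETS = range_to_cidrs(2, 127)
CLIENT_NETS = range_to_cidrs(128, 253)

def ranges_overlap():
    """True if any server block shares addresses with any client block."""
    return any(s.overlaps(c) for s in SERVER_NETS for c in CLIENT_NETS)

def egress_for(src):
    """Gateway label a source address should leave by, or None if unassigned."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in SERVER_NETS):
        return "WAN"    # xDSL line with the public IPs (label assumed)
    if any(addr in n for n in CLIENT_NETS):
        return "OPT1"   # ADSL line for clients (label assumed)
    return None         # .0, .1, .254, .255 or off-subnet: in neither range

if __name__ == "__main__":
    print("servers:", ", ".join(map(str, SERVER_NETS)))
    print("clients:", ", ".join(map(str, CLIENT_NETS)))
    print("overlap:", ranges_overlap())
    # Constructed sample sources, including both boundaries and one stray host.
    for ip in ("192.168.1.10", "192.168.1.127", "192.168.1.128", "192.168.1.254"):
        print(ip, "->", egress_for(ip))
```

Neither range is a single CIDR block; each needs six. A host that ends up on an address outside both ranges, such as .254, matches neither rule and should be covered by an explicit block rule.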
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.