Netgate Discussion Forum

    Telstra Ip Routing + PFsense

      ANSASERVERS

      Hi Guys,

      I am in some desperate need of assistance. Telstra (our carrier) is going to be migrating our services across to their new system tomorrow and therefore we will have the chance to have more than one IP address. My question is how can we route the IPs through pfSense so:

      a, Snort and other applications that we have on our pfSense box still filter and block the traffic as required
      b, the traffic is passed through pfSense and onto the machines so these extra IP addresses DO NOT use NAT. It's a direct connection to the server through pfSense (if possible)

      pfSense is currently controlling our PPPoE sessions and will remain like that. We just need step by step instructions on how to route the IPs to the dedicated machines on our network. We have the IP gateways, broadcast addresses and subnets that we need but don't know how to route it.

      I did read somewhere that you use NAT 1:1 but I can't see where to enter the IP addresses. It only asks for the subnet, which is the same internal and external.

      We are using the latest build of pfSense.

      Please provide step by step instructions so we can follow and explain every step in as much detail as possible.

      Thanks in advance

      Matthew

        ANSASERVERS

        Okay, we have been moved but we don't know how to route the /28 (16 IPs) through pfSense while keeping Snort and other add-ons running and scanning the tickets.

        We do not want NAT to be enabled. We want the following:

        MODEM >> PFSENSE >> SNORT >> WEB SERVER

        With no NAT but the ability to be able to block countries and rules if need be.

        Can this be done?

          FJSchrankJr

          You need to use a transparent bridge to allow public IPs on the LAN.

          As far as Squid, I cannot help you there my friend, but my guess is once you get the bridge working you should figure it out fairly easily.

          WAN - Set IP, Subnet, Gateway
          LAN - Set IP address to "None"
          System Tunables -> pfil_member to 1, pfil_bridge to 1
          LAN Rules - Change LAN subnet on the ANY rule to ANY, so it should be ANY ANY (otherwise you will be locked out). Remember, when you set the IP to none on the LAN, there is no longer a LAN subnet. Now it's just an interface, which is what you want.
          Bridge the interfaces together

          Configure Squid (can't help you on this one)

          Hope this helps, otherwise I misunderstood your post. BTW, this issue haunted me for a week, very tricky to figure out on 2.0 and a lot of experimenting and testing.

          FJS - Embedded Systems Engineer
          Pictures are worth a thousand words, but posting config.xml backups are worth 10,000. Alter the IPs, change anything revealing but leave subnets intact. Use find and replace. Please try to keep it brief on the description.
          ALWAYS disable TSO & LRO EXCEPT CHKSUM IF SUPPORTED. TSO/LRO breaks traffic, pf scrub and this goes for any passive device inline

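Added example, not part of the original thread and not Netgate's code: a small audit of a config.xml backup against the bridge steps in the reply above (WAN addressed, LAN IP set to none, WAN and LAN bridged, both pfil tunables at 1). The element layout and the embedded sample are assumptions constructed for illustration, and the LAN firewall rule step is not checked.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. Element names follow the layout
# assumed here for a pfSense config.xml export (interfaces, bridges, sysctl).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>203.0.113.2</ipaddr><subnet>28</subnet></wan>
    <lan><if>em1</if></lan>
  </interfaces>
  <bridges>
    <bridged><members>wan,lan</members><bridgeif>bridge0</bridgeif></bridged>
  </bridges>
  <sysctl>
    <item><tunable>net.link.bridge.pfil_member</tunable><value>1</value></item>
    <item><tunable>net.link.bridge.pfil_bridge</tunable><value>0</value></item>
  </sysctl>
</pfsense>"""

REQUIRED_TUNABLES = ("net.link.bridge.pfil_member", "net.link.bridge.pfil_bridge")

def audit_bridge(config_xml):
    """Return a list of findings; an empty list means every checked step passes."""
    root = ET.fromstring(config_xml)
    findings = []
    # Step: WAN carries the public IP, subnet and gateway (address checked here).
    if not (root.findtext("interfaces/wan/ipaddr") or "").strip():
        findings.append("WAN has no IP address")
    # Step: LAN IP set to "None", i.e. no address configured on the interface.
    lan_ip = (root.findtext("interfaces/lan/ipaddr") or "").strip()
    if lan_ip:
        findings.append(f"LAN still has an IP address ({lan_ip})")
    # Step: WAN and LAN are members of the same bridge.
    bridged = False
    for b in root.iterfind("bridges/bridged"):
        members = {m.strip() for m in (b.findtext("members") or "").split(",")}
        bridged = bridged or {"wan", "lan"} <= members
    if not bridged:
        findings.append("no bridge has both wan and lan as members")
    # Step: both tunables set to 1, as the reply specifies for filtering.
    tunables = {i.findtext("tunable"): (i.findtext("value") or "").strip()
                for i in root.iterfind("sysctl/item")}
    for name in REQUIRED_TUNABLES:
        got = tunables.get(name, "unset")
        if got != "1":
            findings.append(f"{name} is {got}, expected 1")
    return findings

if __name__ == "__main__":
    print(audit_bridge(SAMPLE_CONFIG))
```

A tunable left at 0 or a bridge missing one member is the case to catch before relying on Snort or block rules for the bridged public IPs, since the setup above depends on those steps for filtering.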