Newbie looking for some help
-
Hi Guys,
I'm looking for some help and advice. My setup is a single server with 3 NICs and I've got a single WAN connection with a block of 8 IP addresses on one of the NICs. The other two need to go via crossover cables to a single DRAC port and to an Asterisk server.
My requirements are that the Asterisk server NIC and the WAN NIC are routed with no NAT and thus the Asterisk server has an IP address in the range of 8 addresses. The DRAC card I'm more flexible with. Ideally it'd be on another address in the block of 8 but I'm not sure if that's possible.
Does that make sense? Will I be able to do it or will I have to NAT the DRAC NIC due to a lack of IPs?
Looking forward to hearing some advice.
Steve
-
You could bridge all the NICs together and put the DRAC on a public IP, but I wouldn't recommend it. DRACs, iLOs, printers, IP phones, basically any embedded IP-enabled device like that has a fragile IP stack. Newer generation DRACs have gotten a bit better, but I wouldn't trust one open to the Internet to be accessible. You could mitigate the risk by strictly limiting access to only authorized IPs via firewall rules; personally I'd be more comfortable having it on a private subnet and VPN in to get to it.
-
Hi,
Thanks for the reply. So does bridging turn pfSense into a kind of Layer 3 switch?
So, I could bridge WAN and LAN and then use the block of 8 addresses for those, with a VPN for the DRAC.
When bridging, does the LAN interface still get an IP address?
-
Bridging makes a layer 2 switch with filtering. A firewall without a bridge is more akin to a layer 3 switch. You wouldn't put any IP on anything but WAN when bridging everything together.
-
OK, I get it... so another question that springs to mind.
In bridging mode with an IP address on the WAN NIC, is the WAN NIC the gateway for the devices connected to the LAN/OPT NICs?
Ta
-
No, when you're bridging, the firewall is transparent. You use the upstream gateway. Details in http://pfsense.org/book