Netgate Discussion Forum

General topology question?

Problems Installing or Upgrading pfSense Software
  • C
    cybervolkan
    last edited by Mar 20, 2007, 2:31 PM

    I have a Cisco 7206vxr router and 3 C-class real IP addresses.
    I will set up pfSense as a firewall on my server (with three NICs), but I am confused about the topology.

    My main purpose is giving every host (including the server farm) virtual IPs and NATing them to these 3 C-class IP addresses.

    How should I set up pfSense? On which interface should I assign my real IPs?

    • H
      hoba
      last edited by Mar 20, 2007, 3:09 PM

      Depending on what these networks look like, you could simply use the real subnets/IPs on your internal subnet and just route them.

      • E
        egarnel
        last edited by Mar 20, 2007, 5:12 PM

        The 7206vxr could sit behind the pfSense box and perform traffic-shaping and/or policing before it gets to the pfSense box.

        internal networks ----> 7206 ------- pfsense [nat] --- internet

        We do something similar.

        We have 3845 routers running as a GLBP pair that shape traffic, police protocols, perform IP SLA checks and then do policy-based routing to send particular traffic out either of the pfSense servers or firewalls or NAT routers, based on priority & availability.

        You can use class-maps & service policies to give certain protocols more or less bandwidth, QoS, etc. For example: we choke down bandwidth hogs to a trickle before they even reach the pfSense servers.

        The 7206 is a bad ass router that can do a lot of stuff as above, as well as VLAN support & firewalling.
        We have one here in our shop, it just cranks right along.

        • C
          cybervolkan
          last edited by Mar 21, 2007, 6:53 AM

          @egarnel:

          The 7206vxr could sit behind the pfSense box and perform traffic-shaping and/or policing before it gets to the pfSense box.

          internal networks ----> 7206 ------- pfsense [nat] --- internet

          We do something similar.

          We have 3845 routers running as a GLBP pair that shape traffic, police protocols, perform IP SLA checks and then do policy-based routing to send particular traffic out either of the pfSense servers or firewalls or NAT routers, based on priority & availability.

          You can use class-maps & service policies to give certain protocols more or less bandwidth, QoS, etc. For example: we choke down bandwidth hogs to a trickle before they even reach the pfSense servers.

          The 7206 is a bad ass router that can do a lot of stuff as above, as well as VLAN support & firewalling.
          We have one here in our shop, it just cranks right along.

          I have an ATM connection to the ISP, so I can't put anything in front of my router because of hardware requirements.
          But your suggestion seems smart.

          But I think I will work on Hoba's suggestion.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.