Guidance: Single WAN interface with multiple IP, multiple LAN
-
I have a Soekris 6501 running pfsense 2.0.3 and plan on using it to be the primary single firewall for my setup. This will eliminate the 5 devices (Linksys Rv082) I have now handling each subnet (and each bound to one of the public IPs). I have enough network knowledge to be dangerous. My switches can handle everything I plan to do. I am new to pfsense, and like what I see so far in testing.
Details:
Business-class cable with a /29 subnet, static IPs. I have 5 class C networks on the "inside".
My plan:
I would like to bind all my external IPs to the single WAN interface on the pfsense firewall and use NAT to forward ports where I need them on the inside networks. Seems like all I need to do is add the IPs to the WAN using VIP, then set up the NAT.
All LAN traffic would egress the pfsense firewall, meaning each class C would have to have a gateway address on it. Seems like all I need to do is define the gateway addresses as VIP and then add them to the VLAN section with the appropriate tag, and configure my uplink to handle accordingly. I may need to tweak the routing.
Be able to use SSL VPN or IPSec to get traffic onto one or two of the internal subnets.
I looked around and found variations on this theme. I have the pfsense device up and have been testing the pieces, just want to see if anyone has advice to improve things, or prevent any pitfalls.
I appreciate any information, and please let me know if anything more specific is needed.
Thank you.
TJ
-
Apply Virtual IP on your WAN interface and policy based rules on your firewall?