Question about multiple WAN and LAN.
-
Hello,
Can pfsense handle the following setup:
Interfaces:
- WAN1 (Internet)
- WAN2 (Closed "Internet")
- DMZ
- LAN1 (Normal users)
- LAN2 (Users that need services on the closed "internet")
Routing:
- All traffic from LAN1 is handled by WAN1.
- All traffic from LAN2 is handled by WAN2.
- All traffic from DMZ is handled by WAN1.
NAT:
- All servers from DMZ have static NAT with an IP from WAN1.
- All computers from LAN1 have dynamic NAT to one IP from WAN1.
- One server from LAN1 has static NAT with an IP from WAN1.
- All computers from LAN2 have dynamic NAT to one IP from WAN2.
- Server from LAN2 have static NAT with an IP from WAN2.
Thanks for your input.
/Lars
-
Yes, all those things look possible. That will use policy-routing to direct traffic to the required WAN, manual outbound NAT (and it might even be that automatic outbound NAT will do a bit broader thing than you want, but that will be fine because your firewall pass rules will only allow a cut-down set of traffic to particular WANs anyway), 1:1 NAT for servers. I don't think you will even need to define static routes for the networks available out WAN2 - the policy-routing rules should send it that way without the help of static routes.
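The three mechanisms named in the reply above, sketched in raw pf.conf syntax as an added example that is not part of the original posts and not a pfSense export. Interface names, gateways and all addresses are constructed placeholders; in the pfSense GUI the same pieces are 1:1 NAT entries, manual outbound NAT entries, and firewall rules with a gateway selected.

```conf
# Constructed sketch: every interface name, gateway and address below
# is a placeholder (RFC 5737 / RFC 1918 ranges), not taken from the thread.
wan1 = "em0"
wan2 = "em1"
dmz  = "em2"
lan1 = "em3"
lan2 = "em4"
wan1_gw  = "198.51.100.1"
wan2_gw  = "203.0.113.1"
dmz_net  = "192.168.10.0/24"
lan1_net = "192.168.20.0/24"
lan2_net = "192.168.30.0/24"

table <internal> const { $dmz_net, $lan1_net, $lan2_net }

# 1:1 NAT for servers (one binat line per server).
binat on $wan1 from 192.168.10.5 to any -> 198.51.100.11   # DMZ server
binat on $wan1 from 192.168.20.5 to any -> 198.51.100.12   # LAN1 server
binat on $wan2 from 192.168.30.5 to any -> 203.0.113.11    # LAN2 server

# Manual outbound NAT: each LAN leaves through one address on one WAN.
nat on $wan1 from $lan1_net to any -> 198.51.100.10
nat on $wan2 from $lan2_net to any -> 203.0.113.10

# Default deny; only the pass rules below let traffic through.
# Inbound service rules for the 1:1 NAT servers are omitted here.
block log all

# Policy routing: the rule that passes the packet also picks the gateway,
# so LAN2 reaches WAN2 without static routes. Traffic between the
# internal networks matches none of these rules and stays blocked.
pass in quick on $dmz  route-to ($wan1 $wan1_gw) from $dmz_net  to ! <internal> keep state
pass in quick on $lan1 route-to ($wan1 $wan1_gw) from $lan1_net to ! <internal> keep state
pass in quick on $lan2 route-to ($wan2 $wan2_gw) from $lan2_net to ! <internal> keep state

# Outbound side of the WAN interfaces; which LAN may use which WAN is
# decided by the inbound rules above.
pass out quick on $wan1 keep state
pass out quick on $wan2 keep state
```

On a system with pf, `pfctl -nf <file>` parses a ruleset like this without loading it.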
-
Great, thanks.