Netgate Discussion Forum

Part two

Routing and Multi WAN
  • schnibitz
    last edited by Jun 6, 2007, 4:22 AM

    Has anyone done this before, and how well does it work?

    -Two-Tier firewall
    -First tier has Internet-facing VIP addresses with 1:1 NAT relationships to VIPs that reside on the external interfaces of the second tier firewalls.
    -That Internal tier's VIP addresses all perform some kind of port forwarding for FTP, HTTP, or other protocols, and also some proxying.

    It looks like this:

                                                Internet
                                                    |
                                                  VIP1
                                                -PFSense-
                                                InternalIP
                                                    |
                                                  VIP2
                                            -Second tier FW-
                                                Internal IP
                                                    |
                                                  router
                                                    |
                                                Web Server

    1:1 NAT from VIP1 to VIP2
    VIP2 does port redirection for HTTP

    How well does that work?  I'm concerned with the double-NAT part in particular.  Can any of y'all see any problems there?

    Thanks,
    Schnibitz

    • cmb
      last edited by Jun 6, 2007, 5:12 AM

      I run a similar setup at home, but don't NAT on the internal (second) firewall. You can route on that one and avoid all the issues of double NAT.

      • schnibitz
        last edited by Jun 6, 2007, 5:27 AM

        Can you give me an example of issues I might run into with the double-NAT stuff?
