Netgate Discussion Forum

    Same WAN port, multiple IPs?

    • Derelict LAYER 8 Netgate

      Host your DNS somewhere else. he.net comes to mind.

      I would rather put a bunch of port forwards/rules in something like pfSense than maintain local "software" firewalls on a bunch of servers. Maybe that's just me.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • aaronouthier

        Thanks, I'll look into this. Fwiw, I didn't get the ISP's router. I have straight Ethernet coming into the house, which is convenient for hooking up my APU box.

        • mudmanc4

          @aaronouthier:

          Thanks, I'll look into this. Fwiw, I didn't get the ISP's router. I have straight Ethernet coming into the house, which is convenient for hooking up my APU box.

          So you have a fiber connection, even better. (I should have seen this; you clearly pointed out APU.)
          What is the issue with using a 1:1 NAT?

          • aaronouthier

            I would also rather use centralized management for the firewall setup, e.g., using pfSense would be ideal. Earlier posts led me to believe that such was not feasible.

            As for DNS, my domain registrar already provides DNS, including DynDNS. This will work fine at first, during the early stages, when there are not many Domains. It's when there are more domains being added daily, assuming I get that far, that manually matching up everything by hand will become impossible.

            Good advice, all around. Thanks everyone!

            • aaronouthier

              Ok, everyone keeps mentioning 1:1 NAT. My problem with it is, eh, I don't know what that is or how to use it. I'm gonna look that up now in the docs and/or wiki.

              • mudmanc4

                @aaronouthier:

                Ok, everyone keeps mentioning 1:1 NAT. My problem with it is, eh, I don't know what that is or how to use it. I'm gonna look that up now in the docs and/or wiki.

                1:1 allows the segregation of port mapping on one interface to the specified IP. (Not the best explanation)

                example:

                External IP 172.184.25.2 using port 80
                External IP 172.184.25.3 using port 80 and port 443

                and so on.

                • KOM

                  From the Definitive pfSense Guide (available to Gold Subscribers)

                  1:1 (pronounced one to one) NAT maps one public IPv4 address to one private IPv4 address. All traffic from that
                  private IPv4 address to the Internet will be mapped to the public IPv4 address defined in the 1:1 NAT mapping,
                  overriding your Outbound NAT configuration. All traffic initiated on the Internet destined for the specified public IPv4
                  address will be translated to the private IPv4, then evaluated by your WAN firewall ruleset. If the traffic is permitted
                  by your firewall rules to a target of the private IPv4 address, it will be passed to the internal host.

                  • aaronouthier

                    That makes perfect sense! One to one, instead of one to many. Thanks Mr. KOM!

                    • aaronouthier

                      Ok. So, I finally made the switch to 5 static IPs. I've set up 1:1 for the 2nd of 5 IP addresses, and configured NAT rules, etc, but the firewall log shows no traffic going to it. I suspect this is because the WAN interface only knows about the 1st address. If this is the case, then how do I tell my pfSense box that it has 5 IPs on the WAN, not just 1?

                      • aaronouthier

                        Oops,
                        I just reread the previous posts. I see now the solution is with Virtual IPs. Implementing that now.

                        Thanks again for everyone's help!

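The inbound path discussed in this thread, as an added example that is not part of any post and is not pfSense code: a small Python model that follows the quoted guide text (1:1 NAT translates first, then the WAN rules are evaluated against the private address) and the Virtual IP fix from the last post. The `Wan` class, its method names and all addresses are constructed for illustration, and the "unanswered" step is a simplification of the firewall not holding an address on WAN.

```python
from dataclasses import dataclass, field

@dataclass
class Wan:
    primary: str                                    # address configured on the WAN interface
    vips: set = field(default_factory=set)          # Virtual IPs added on WAN
    one_to_one: dict = field(default_factory=dict)  # public IP -> private IP
    rules: list = field(default_factory=list)       # (dst_ip, dst_port) pass rules, default deny

    def inbound(self, dst_ip, dst_port):
        """Return (verdict, delivered_to) for a TCP connection from the Internet."""
        # Step 0 (modelling assumption): the firewall only answers for addresses it holds.
        if dst_ip != self.primary and dst_ip not in self.vips:
            return ("unanswered", None)
        # Step 1: 1:1 NAT rewrites the destination before the rules are consulted.
        target = self.one_to_one.get(dst_ip, dst_ip)
        # Step 2: WAN rules are matched against the translated (private) address.
        if (target, dst_port) in self.rules:
            return ("pass", target)
        return ("block", None)

    def outbound_source(self, src_private):
        """Public source address a LAN host appears as on the Internet."""
        for public, private in self.one_to_one.items():
            if private == src_private:
                return public      # the 1:1 mapping overrides Outbound NAT
        return self.primary        # ordinary Outbound NAT to the WAN address

def demo():
    # Constructed addresses (RFC 5737 / RFC 1918), not taken from the thread.
    wan = Wan(primary="203.0.113.10")
    wan.one_to_one["203.0.113.11"] = "192.168.1.11"
    results = []
    wan.rules.append(("203.0.113.11", 80))           # rule aimed at the public IP
    results.append(wan.inbound("203.0.113.11", 80))  # no Virtual IP yet
    wan.vips.add("203.0.113.11")
    results.append(wan.inbound("203.0.113.11", 80))  # VIP added, rule target still wrong
    wan.rules = [("192.168.1.11", 80)]               # rule aimed at the private IP
    results.append(wan.inbound("203.0.113.11", 80))
    results.append(wan.inbound("203.0.113.11", 22))  # port with no pass rule
    return results, wan

if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The mapping alone exposes nothing: only ports with a pass rule targeting the private address reach the internal host.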
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.