Netgate Discussion Forum
    Single IP WAN with 2 public IP subnets

Category: Problems Installing or Upgrading pfSense Software

rwfitzy:

I'm just looking for some advice. We are replacing an old SonicWALL 2040 with the latest pfSense and trying to determine the best route to go with the interfaces and firewall setup. There are 4 interfaces in the server: em0, em1, em2, and em3. Oddly enough em2 and em3 are the integrated dual NICs while em0 and em1 are the PCI-e dual NIC expansion card.

In the current SonicWALL setup, we have an assigned /29 for the router itself, let's call it 216.0.2.96/29, with two other subnets on LAN ports of 208.1.2.0/26 and 216.1.2.0/27. We set up the SonicWALL many moons ago with the help of SonicWALL support. It uses NAT with two custom NAT policies for each of the latter two subnets and WAN->LAN rules set up for allowing traffic to all the hosts. All hosts on the two LAN interfaces use static IP addresses that are translated as themselves outgoing.

Reading the pfSense docs and given our ISP setup, I plan to follow the "Small WAN IP Subnet with Larger LAN IP Subnet" section with "Routing Public IP Addresses" under mostly WAN rules to allow traffic to the many static IP addresses on the two LAN subnets assigned to the OPT1 and OPT2 interfaces. We do not use any DHCP. Does this sound like the correct setup to follow for our situation?

stephenw10 (Netgate Administrator):

          The subnets you have given there are all public. I assume those are examples only but are they actually public subnets?

You are following the guide for routing public IPs which implies they are public, but you also mention the SonicWALL is NATing to/from those subnets, which implies they are private.

          I think we need more details of how you access the internal hosts, by public IP directly or via port forwards?

          Steve

rwfitzy:

            Yes, they are all public and yes, that was the difficult thing about the SonicWALL. When I set that up many years ago, it required their support because of the special NATting needed for my two public subnets. I had to use their wizard when setting up any new host access. We are a hosting provider with all the subnets provided by the data center.

I have to say, what a breeze and pleasure it was to replace that SonicWALL with pfSense; we should have done it long ago. I put it in place this past weekend and, with a few minor tweaks, it worked great. I simply had to set no NAT for Outbound and make my few rules. Now I can granularly control the subnets with ease, set up IDS, more, more.... thanks!

stephenw10 (Netgate Administrator):
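The setup described in the opening question and confirmed in the post above (public subnets routed through the firewall with outbound NAT disabled and explicit WAN rules per host) can be written as a plain pf ruleset. This is an added illustration, not from the thread and not pfSense's own generated rules; it assumes em0 is WAN and em2/em3 are OPT1/OPT2 (the thread does not say which NIC is which), reuses the thread's example prefixes, and uses a constructed host 208.1.2.10 as the one service being exposed.

```pf
# Constructed pf.conf illustrating "Routing Public IP Addresses" with no outbound NAT.
# Interface assignment is an assumption; the thread only lists em0-em3.
wan_if  = "em0"
opt1_if = "em2"
opt2_if = "em3"

opt1_net = "208.1.2.0/26"     # public subnet routed to OPT1 (from the thread)
opt2_net = "216.1.2.0/27"     # public subnet routed to OPT2 (from the thread)
table <routed_public> { 208.1.2.0/26, 216.1.2.0/27 }

set block-policy drop
set skip on lo0

# No "nat on $wan_if ... -> ($wan_if)" line for the routed subnets: hosts on
# OPT1/OPT2 leave with their own public addresses, which is the "no NAT for
# Outbound" choice described in the thread.

# Default deny; log so blocked attempts show up for review.
block in log all
block out log all

# Anti-spoofing: our own routed subnets must never arrive from the WAN side.
block in quick on $wan_if from <routed_public> to any

# Outbound from the routed subnets, unchanged source addresses.
pass in  on $opt1_if from $opt1_net to any keep state
pass in  on $opt2_if from $opt2_net to any keep state
pass out on $wan_if  from <routed_public> to any keep state

# Inbound from the Internet: one explicit rule per exposed host and service,
# replacing the SonicWALL per-host NAT policies. 208.1.2.10 is constructed.
pass in on $wan_if proto tcp from any to 208.1.2.10 port { 80, 443 } keep state
pass out on $opt1_if proto tcp from any to 208.1.2.10 port { 80, 443 } keep state
```

Every inbound flow must match one of the `pass in on $wan_if` rules, so the exposure of the public subnets is exactly the list of those rules rather than whatever a NAT policy happens to translate.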

              Ah, glad to hear it. ☺
