Hybrid routed and NAT'ed network
-
We have a stable setup using a private address range on the LAN side with NAT (192.168.x.x).
Now we have the requirement to set up some servers with public IP addresses.
https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html gives a clear enough overview of what should be done.
My concern is with the underlying network. The pfSense instances are virtualised using Proxmox and we don't have additional NICs for this, so the obvious way to do this is to create a VLAN. I'm working out how to add this to a production service without accidentally destroying the connectivity to the NAT'ed servers.
The ISP has routed the new public /29 to our gateway address via a static route. My thinking is this:
- Add a VLAN to the LAN port to create a new NIC.
- Create a new OPT1 interface in pfSense and assign the gateway IP of the /29 to the VLAN NIC.
- Set Hybrid outbound NAT
- Add firewall rules for inbound and outbound traffic as desired.
Have I missed anything? Is there anything I should look out for / take special care? Is the addition of a VLAN to an existing nic as simple as it seems?
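An added example, not part of the thread and not the poster's or Netgate's code: a small model of how pfSense hybrid outbound NAT orders its rules, used to check the step "Set Hybrid outbound NAT" against the routed /29. The addresses are assumptions (203.0.113.8/29 stands in for the real public block, 192.168.1.0/24 for the LAN, 198.51.100.2 for the WAN address), and the modelled semantics are the documented ones: manual rules are matched first, top to bottom, first match wins, then the automatically generated rules, which translate every internal interface network, OPT1 included, to the WAN address. The script also derives the gateway and usable range from the /29 the way the post describes (first usable address as the gateway).

```python
"""Model of pfSense hybrid outbound NAT ordering for a routed public subnet.

Added example, not code from the forum post or from pfSense.  All addresses
are assumptions chosen from documentation ranges.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class OutboundNatRule:
    source: IPv4Network
    no_nat: bool = False                    # the "Do not NAT" checkbox
    translate_to: Optional[IPv4Address] = None
    description: str = ""


def plan_public_subnet(cidr: str) -> Dict[str, object]:
    """Gateway = first usable address (as in the post), the rest are for guests."""
    net = ip_network(cidr, strict=True)
    hosts = list(net.hosts())               # excludes network and broadcast
    return {"gateway": hosts[0], "usable": hosts[1:], "broadcast": net.broadcast_address}


def automatic_rules(internal_networks: List[IPv4Network], wan: IPv4Address) -> List[OutboundNatRule]:
    # Automatic and Hybrid mode generate one translation rule per internal
    # interface network (LAN, OPT1, ...).  This is the trap: the routed /29 on
    # OPT1 is an internal network too, so it gets NATed to the WAN address
    # unless a manual rule matches it first.
    return [OutboundNatRule(n, False, wan, f"auto: {n} -> {wan}") for n in internal_networks]


def hybrid_rules(manual: List[OutboundNatRule], internal: List[IPv4Network], wan: IPv4Address) -> List[OutboundNatRule]:
    # Hybrid mode: manual rules first, then the automatic set.
    return list(manual) + automatic_rules(internal, wan)


def translate(src: str, rules: List[OutboundNatRule]) -> IPv4Address:
    """Return the source address as it appears on the WAN; first match wins.
    A matching 'Do not NAT' rule, or no match at all, leaves the address alone."""
    addr = ip_address(src)
    for rule in rules:
        if addr in rule.source:
            return addr if rule.no_nat else rule.translate_to
    return addr


def demo() -> Dict[str, str]:
    lan = ip_network("192.168.1.0/24")      # assumed existing NAT'ed LAN
    public = ip_network("203.0.113.8/29")   # assumed routed public block
    wan = ip_address("198.51.100.2")        # assumed WAN address
    internal = [lan, public]

    # Hybrid mode with no manual rule: both networks are translated.
    without = hybrid_rules([], internal, wan)
    # Hybrid mode plus a "Do not NAT" rule for the /29 above the automatic rules.
    nonat = OutboundNatRule(public, no_nat=True, description="do not NAT routed /29")
    with_nonat = hybrid_rules([nonat], internal, wan)

    return {
        "lan_without": str(translate("192.168.1.50", without)),
        "public_without": str(translate("203.0.113.10", without)),
        "lan_with": str(translate("192.168.1.50", with_nonat)),
        "public_with": str(translate("203.0.113.10", with_nonat)),
    }


if __name__ == "__main__":
    plan = plan_public_subnet("203.0.113.8/29")
    print("gateway:", plan["gateway"], "usable:", [str(h) for h in plan["usable"]])
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes: with Hybrid mode alone, a guest at 203.0.113.10 still leaves as 198.51.100.2, because the automatic rule for the OPT1 network matches it; only a manual "Do not NAT" rule for the /29, placed above the automatic rules, lets the public hosts keep their own source address while the 192.168.x.x LAN stays translated.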
-
I have now added a VLAN to the LAN port in Proxmox and created a bridge from that. This I have added to pfSense with the first address of the IP subnet, which will act as gateway for the /29 addresses from the guests/hosts on the network.
So far so good.