Netgate Discussion Forum
    Need help with routing/bridge/NAT UPDATED

tpfnd:

Hello, all! I am attempting to upgrade my pfSense box to use three NICs. I have 5 public IPs, I have one as WAN, one as LAN, and the last as OPT1. I want the LAN to have one IP, and the OPT1 to route out the other four to a separate switch, in a DMZ format. That switch will run to my two Hyper-V boxes which both have two NICs; one for the internal network and one for the DMZ. I will specify the four IPs directly in the Hyper-V 2012 virtual machines.

      IP allocation:

      WAN: 172.xx.xx.105/29
      LAN: 10.0.0.1
      OPT1: no assignment
      DMZ 172.xx.xx.106-109

I made a bridge between WAN and OPT1. I then assigned the bridge to OPT2, and assigned 4 virtual IPs (IP Alias) for 106, 107, 108, and 109. Gave OPT1 an any-any rule. The page for 106 comes up internally, but times out externally still.

      ![base network.jpg](/public/imported_attachments/1/base network.jpg)

muswellhillbilly:

        @tpfnd:

        IP allocation:

        WAN: 172.xx.xx.105/29
        LAN: 10.0.0.1
        OPT1: no assignment
        DMZ 172.xx.xx.106-109

        You don't indicate this specifically, but it looks like you have the same network ranges operating on your WAN and DMZ. Nothing from outside will be able to get to anything on the DMZ if both networks occupy the same network space.

tpfnd:

          Yeah, it's confusing with my wording; I'm meaning DMZ in that those four IPs are not behind the same firewall rules as the LAN, DMZ here is a "separate segment" in relation to the LAN. ATM they have no ports blocked at all, since I'm doing that on the individual virtual machines themselves as they'll be running different services depending on my current projects.

          I actually got it to work! Here's what I did:

          Enable OPT1, no IP assignment
          Assign virtual IPs 106-109 to WAN
          Bridge OPT1 to WAN (becomes interface BRIDGE0)
          Enable BRIDGE0, it becomes OPT2
          Add rule on WAN for * / vIP 106-109
          Add rule on OPT1 and OPT2 for * / *
Plug LAN cable from OPT1 into separate switch
          Plug 2nd NIC on Hyper-V to switch
          Assign virtual IPs to 2nd hpv virtual switch interface
          Configure virtual OS to use external IP, external gateway, etc.

Basically OPT1 becomes transparent, just passing * / * to whatever is connected to the DMZ switch. I might not need the two * / * rules on OPT1 or OPT2. But the virtual machine's website (TurnKey Drupal) is coming up on external boxes (had a friend in another city test) now.

          I wrote up a howto on the Hyper-V part at http://meow.tpfnd.cat/node/21 and will soon be adding one for the pfSense side.

tpfnd:
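As an added example (not from the thread or from pfSense itself), a small Python check for the address plan above: it confirms that each IP Alias falls inside the WAN /29, does not collide with the network, broadcast or WAN interface address, and reports which addresses the block still leaves for the upstream gateway. The 172.16.0.x octets are constructed placeholders for the masked 172.xx.xx addresses in the post.

```python
import ipaddress


def check_vip_plan(wan_cidr, vips):
    """Validate a WAN IP-alias plan for a bridged (WAN <-> OPT1) DMZ.

    wan_cidr: WAN interface address with prefix, e.g. "172.16.0.105/29"
    vips:     IP Alias addresses to be added on WAN for the DMZ hosts
    Returns (problems, free): human-readable problems, and the addresses in
    the block still unused (at least one must remain for the ISP gateway).
    """
    wan = ipaddress.ip_interface(wan_cidr)
    net = wan.network
    problems = []
    seen = set()
    for v in vips:
        addr = ipaddress.ip_address(v)
        if addr in seen:
            problems.append(f"{addr} is listed twice")
            continue
        seen.add(addr)
        if addr not in net:
            # A bridged DMZ host sits on the WAN segment, so its address must
            # come from the same block or upstream will never route it here.
            problems.append(f"{addr} is outside the WAN block {net}")
        elif addr == net.network_address:
            problems.append(f"{addr} is the network address of {net}")
        elif addr == net.broadcast_address:
            problems.append(f"{addr} is the broadcast address of {net}")
        elif addr == wan.ip:
            problems.append(f"{addr} is already the WAN interface address")
    # Usable hosts not claimed by WAN or a VIP; the upstream gateway needs one
    # of these, so an empty list means the block is over-allocated.
    used = seen | {wan.ip}
    free = [h for h in net.hosts() if h not in used]
    if not free:
        problems.append("no address left in the block for the upstream gateway")
    return problems, free


if __name__ == "__main__":
    # Constructed stand-in for the thread's masked 172.xx.xx.105/29 plan.
    plan = ["172.16.0.106", "172.16.0.107", "172.16.0.108", "172.16.0.109"]
    problems, free = check_vip_plan("172.16.0.105/29", plan)
    print("problems:", problems or "none")
    print("still free for gateway:", [str(h) for h in free])
```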

Tutorial with screenshots:

            http://meow.tpfnd.cat/node/20

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.