Slightly odd config, will this work?
-
I have a PF sense box with one opt interface. Our ISP assigned us a single address in a 66.x.x.x block and recently gave us an additional 206.x.x.x/29 for servers.
I wanted to forward the 206 block to OPT1, assign the 206.x.x.x IPs directly to the servers and have PF sense filter transparently, really don't want NAT because i'm planning on putting an FTP and a PPTP server on OPT1 but i do want filtering through PF sense.
Should I bridge OPT1 with WAN and put in the router for the 206 block or is there something else that needs to happen?
-
Does your ISP route the 206.x.x.x/29 to your 66.x.x.x IP?
In this case you can assign the first 206.x.x.x/29 IP to the OPT interface and disable NAT for this subnet.
–> http://forum.pfsense.org/index.php/topic,11381.msg62942.html#msg62942 -
Thanks for your reply. Im getting a bit confused by the different terminology used by my ISP. They are saying that its routed directly to the interface (bridged). which i'm assuming means that over the same cable i could contact our main router on the 66 net and another router on the 206 net? ???
-
Well the question is probably: does your ISP provide a gateway within the 206.x.x.x/29 subnet,
or is the 66.x.x.x IP the gateway (seen from the internet) to your 206.x.x.x/29 subnet? -
206.x.x.233 is the handoff which would go in your router. It has to be able to accept secondary routes, though.
So do i define a static route for the 206.x.x.232 network on the wan interface then assign 206.x.x.233 to opt1 and 234+ to servers on opt1?
Thank you again for your help.
-
206.x.x.231 is the Network ID
206.x.x.232 is the first usable IP –> assign this IP to the OPT interface --> This is the gateway for your servers.
206.x.x.233 - 238 are usable IP's for your servers
206.x.x.239 is the broadcast-addressYou dont have to define a static route.
If you add 206.x.x.232/29 as an interface the routing table will automatically contain an entry defining this subnet as localy directly reachable.
This is after all how routing works.Now just disable NAT for the opt subnet as in the link i posted.
-
Alright i took all those steps, created Firewall rules in both opt1 and wan
OPT1: IP: 206.x.x.232 /29
No gateway although i have tried setting the ip to .233 and the gateway to .232 and .231WAN & OPT1:
Proto: any; Source: OPT1 Subnet; Dest: *
Proto: any; Source: *; Dest: OPT1Set NAT to manual, only rule is the default WAN to LAN rule.
Server is set to 206.x.x.234; 255.255.255.240; gw 206.x.x.232
from the server i can ping the 206.x.x.232 and our WAN IP 66.x.x.233 but not the WAN gateway 66.x.x.232.
still not able to get an outside machine to ping 206.x.x.232 or .234. i set logging on all firewall rules that touch OPT1 and can see accepting outgoing ping but nothing after that.
-
when i set the OPT1 interface to .233 i can ping it from outside the network but it still wont route traffic from .234 when i set the gateway to .233
