WAN Bridge and VLAN for virtual machine
-
Hi,
I wanted to ask for an advice. Is there any chance/possibility to bridge WAN interface and create VLAN to give one of VMs WAN address from /28 network.
I was trying to find anything in google, but probably query wasn't specific enough.my configuration:
pfSense SG-8860
WAN: /28
LAN: 10.9.0.0/24Thanks,
Mik -
Absolutely!
One way to accomplish this is through VLAN tagging your WAN. If youre running PFSense in VM, this becomes easier to accomplish since you tag the incoming ISP connection (ex: vlan 100) and simply add VM's to this vlan in the network section in vmware, or if using KVM through the dropdown selection for your NIC addition.
A bit of fair warning though, passing unfiltered internet to a VM tends to put it at risk of attack, so you'd have to be more vigilant on maintaining the VM in question. Just wanted to make sure you're aware of the risk.
The other option is to perform a 1:1 NAT, then allow through firewall rules the specific protocols/ports through to your server. This method isn't "worse" than the first one, it just has different cons.
Option1: Con is security.
Option2: Con is overhead. 1:1 NAT + Firewall rules would have to be parsed for every connection coming in. This isnt going to be a detriment, but without me known the specifics I can't say for sure if its going to be an issue in your environment. I will say however, that this con doesn't apply to 99% of use cases, because the amount of traffic being passed isn't immense.