Dual setup; WAN with NAT and Bridge (modem)
Hi,
Just wanted to share this for reference but also for feedback. I didn't see this documented anywhere, but maybe for good reason ;)
I have a WAN with an External IP statically configured for it. The pfSense box routes multiple LANs and a DMZ with normal NAT and firewall.
Now I had this situation where another party needed to use their own router behind the same connection. Since I have two /29 blocks of IPs I thought that must be possible. Double NAT is out of the question, so I needed to bridge an external IP over the WAN interface (the only incoming UTP) to another interface on which the other router resides. Let's say I have the blocks 1.2.3.144/29 and 1.2.5.144/29.
Now what I've done is create a bridge between WAN and OPT5 and give it one of the external IPs: 1.2.3.149/31.
I gave the other router 1.2.3.148/31 and set 1.2.3.149 as the gateway. (Using this small subnet is not normal practice, but seems to be no problem when no other hosts are in the network…) I removed all NAT rules for this IP address and allowed all traffic (firewall) to and from the other router.
This works great! I now have a dual setup on one pfSense box: normal NAT for LANs and a bridge for another external router.
So, have I done this properly or should I configure it differently? Thanks.