Netgate Discussion Forum
    Dual WAN One LAN DUAL DMZ Different subnet on DMZs

    Routing and Multi WAN
      rookie

      Hi

      I apologize in advance; as my name implies, I am a rookie in pfSense and firewalling in general. I need the following. I have 2 WAN connections with multiple public IP addresses. IOW, WAN1 has a /27, let us call it A/27, and WAN2 is B/27.

      I need to have servers on the separated DMZs. I do not need failover, yet. I may implement it at the server level; they have dual NICs.

      WAN1/27                     WAN2/27
         |                           |
         |                           |
         |                           |
      +---------------------------------+
      |             pfSense             |
      +---------------------------------+
        |              |              |
        |              |              |
        |              |              |
      LAN              |              DMZ2 with WAN2 /27 subnet
                       |
                       |
                       |
               DMZ 1 with WAN1 /27 Public Subnet

      I need a minimum of failover for the WANs and would, as I have said, deal with failover on the DMZs at the server level or perform policy routing on pfSense.

      I want to bridge WAN1 to DMZ1 and WAN2 to DMZ2. I ran into some issues when I tried to use one switch with 3 VLANs. Spanning trees got involved, etc. It seems pfSense has only ONE bridging engine, so I will use 3 DISTINCT switches for the purpose. I have a strange feeling that pfSense does not "like" bridging on two distinct interfaces... Waiting for your input on the issue...
      We have an ADSL on WAN1 and 2-Bonded T1 on WAN2. I would rather NOT use NAT on the DMZ. Failover would be nice, but policy routing is more important to me. Policies will be quite simple: surfing on LAN through DSL, some services through DSL from DMZ1.
      Bulk of services from bonded T-1 on DMZ2. Failover would have been nice: if DSL is gone then surfing on T-1s, if T-1 goes down then...

      I really like pfSense: immensely powerful, light and stable. I am using it on an old Compaq Proliant DL380 with PIII. I like these old beasts, stable and rock solid. I have 2 and will most likely implement CARP later, when I learn more. So far extremely impressed by pfSense...

      I thank you in advance for any pointers, suggestions, URLs, etc...

      rookie
