MultiNetting the LAN interface?

  • Folks, I use pfSense boxes like the SG-3100 (the last one I bought) to terminate fiber internet.  My needs are simple: I need only to support public static IPs and a private DHCP network concurrently on the LAN ports.  Seemingly a classic Multinet.  No firewall rules (for this purpose), etc.

    Yet it appears I've configured it wrong.

    I set up the private IP on the LAN and left NAT on because, well, I needed it, and then I set up an IP alias on the LAN ports and used my static public range.  Nope.  Oh, it works, but since NAT is on at the LAN port it wants to NAT the public statics too.  This is no bueno.  But I don't see a way to disable NAT on the alias, and in truth perhaps that's counterintuitive to the design.

    Is there a better way to accomplish my objective?

    BTW, I need the FW component like I need a hole in my head.  But if I look at the option to disable FW filtering and run in pure router mode, it tells me NAT will be disabled.  Is there a reliable workaround for this?  I'd prefer to simplify things if possible.

    Thanks for any suggestions!

  • LAYER 8 Netgate

    That sounds completely convoluted, but you don't control NAT sourced from a specific network with rules on that network. You control it with Outbound NAT.

    The easiest way is probably to enable Hybrid mode, then make a NO NAT rule for the public source addresses on that WAN address.

    There is no such thing as 'classic Multinet.' Putting two layer 3 networks on one layer 2 is something that should only be used to do something like a transition to new addressing. It should not be used as a permanent solution to anything.
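
    To make the reply's suggestion concrete, here is an illustrative pf.conf fragment added by the editor; it is not pfSense's generated ruleset and was not posted by either participant. It assumes interface macros `$WAN` and `$LAN`, a private LAN of 192.168.1.0/24, a public static block of 203.0.113.0/29 configured as an IP alias on LAN, and a WAN address of 203.0.113.9 (all documentation addresses chosen for the example). The "before" half shows why the poster saw the public statics being translated; the "after" half shows the effect of Hybrid Outbound NAT with a "Do not NAT" rule for that block.

```pf
# Editor's illustrative pf.conf fragment (assumed names and addresses, not pfSense output).
#   $WAN, $LAN       = interface macros (hypothetical)
#   192.168.1.0/24   = private LAN subnet (assumed)
#   203.0.113.0/29   = public static block, added as an IP alias on LAN (assumed)
#   203.0.113.9      = WAN address (assumed)

# BEFORE: Automatic Outbound NAT. pfSense emits a source-NAT rule for every
# subnet it finds on an internal interface, and the IP alias is one of them,
# so traffic sourced from the public statics is also rewritten to the WAN address.
nat on $WAN inet from 192.168.1.0/24 to any -> 203.0.113.9
nat on $WAN inet from 203.0.113.0/29 to any -> 203.0.113.9   # the unwanted translation

# AFTER: Hybrid Outbound NAT with a manual "Do not NAT" rule for the public block.
# pf uses the first matching translation rule, and in Hybrid mode pfSense places
# the manual rules ahead of the automatic ones, so the public range is exempted
# while the private LAN keeps being translated.
no nat on $WAN inet from 203.0.113.0/29 to any
nat on $WAN inet from 192.168.1.0/24 to any -> 203.0.113.9
```

    To confirm the result on the box, look at the loaded translation rules with `pfctl -sn` (or read /tmp/rules.debug, where pfSense writes the ruleset it generates): the `no nat` line for the public block should appear before any `nat on` line that could match it. On the poster's second question, the behaviour he observed is expected rather than a misconfiguration: NAT on pfSense is implemented by pf itself, which is why the "Disable all packet filtering" option warns that it also turns off NAT; keeping the filter enabled with permissive rules is the way to keep NAT while not using it for policy.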
