2 public subnets / reach services behind
kreiSSage last edited by
I am planning to get rid of an old linux based firewall (iptables)
WAN part is a public /29 and LAN is also a public /24 with services like webservers / mail servers...
Basically the firewall allows for each internal IP specific ports to be reachable from outside.
I know the classic forwarding NAT WAN IP -> LAN IP but in this case it's something different since I have to be able to reach LAN part with the LAN IP insead of the relative WAN IP.
For example pfsense interfaces:
WAN: 100.100.100.1/29 GW 100.100.100.6/29
I should be able to reach from outside 220.127.116.11:22(ssh) / :80(website)...
Is it possible?
Yes. Assuming 18.104.22.168/24 is actually routed to 100.100.100.1 by the ISP.
Just number the LAN with 22.214.171.124/24.
Go to Firewall > NAT, Outbound, switch to Hybrid mode, and make a NO NAT rule on WAN for traffic sourced from 126.96.36.199/24
Make a firewall rule on WAN passing traffic from any to 200.200.200.X TCP port 22/80.