2 public subnets / reach services behind



  • Hello guys.
    I am planning to get rid of an old linux based firewall (iptables)
    WAN part is a public /29 and LAN is also a public /24 with services like webservers / mail servers...
    Basically the firewall allows for each internal IP specific ports to be reachable from outside.
    I know the classic forwarding NAT WAN IP -> LAN IP, but in this case it's something different since I have to be able to reach the LAN part with the LAN IP instead of the relative WAN IP.
    For example pfsense interfaces:
    WAN: 100.100.100.1/29 GW 100.100.100.6/29
    LAN: 200.200.200.1/24
    I should be able to reach from outside 200.200.200.7:22(ssh) / :80(website)...
    Is it possible?


  • LAYER 8 Netgate

    Yes. Assuming 200.200.200.0/24 is actually routed to 100.100.100.1 by the ISP.

    Just number the LAN with 200.200.200.1/24.

    Go to Firewall > NAT, Outbound, switch to Hybrid mode, and make a NO NAT rule on WAN for traffic sourced from 200.200.200.0/24.

    Make a firewall rule on WAN passing traffic from any to 200.200.200.X TCP port 22/80.
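
    The reply above describes GUI steps; the pf rule set below is an added illustration of what those steps amount to, not something from the thread or from pfSense's own generated configuration. Interface names and the example host 200.200.200.7 are assumptions, and pfSense builds its own rules from the GUI, so this is for understanding the design, not for pasting into the box.

```pf
# Added example (not from the thread): pf.conf equivalent of the GUI steps
# in the reply, for a public LAN /24 routed by the ISP to the WAN address.
# Interface names and the host 200.200.200.7 are assumptions.
wan_if = "vtnet0"            # assumed WAN interface, 100.100.100.1/29
lan_if = "vtnet1"            # assumed LAN interface, 200.200.200.1/24
public_lan = "200.200.200.0/24"

# Outbound NAT in Hybrid mode: a manual NO NAT rule is matched before the
# automatic rules, so traffic sourced from the routed /24 leaves WAN with
# its real 200.200.200.x address and replies come back to it unchanged.
no nat on $wan_if from $public_lan to any

# Default deny on WAN. With nothing translated, every 200.200.200.x host is
# directly addressable from the Internet, so only explicit passes get in.
block in on $wan_if all

# Anti-spoof: packets arriving on WAN that claim a LAN /24 source are dropped
# before any pass rule is considered ("quick" stops evaluation here).
block in quick on $wan_if from $public_lan to any

# WAN pass rule: the destination is the LAN host's own public address rather
# than a WAN IP, because no port forward is involved.
pass in on $wan_if proto tcp from any to 200.200.200.7 port { 22 80 }
```

    Two things to confirm before relying on this: the LAN hosts must use 200.200.200.1 as their default gateway so that return traffic leaves through the same firewall, and the ISP must actually route the /24 to 100.100.100.1 (the assumption the reply makes). If the route is missing upstream, the pass rule is never hit and Status > System Logs > Firewall on pfSense will show nothing, which is the first place to look when a host that should be reachable is not.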

