2 public subnets / reach services behind

  • Hello guys.
    I am planning to get rid of an old linux based firewall (iptables)
    WAN part is a public /29 and LAN is also a public /24 with services like webservers / mail servers...
    Basically the firewall allows for each internal IP specific ports to be reachable from outside.
    I know the classic forwarding NAT WAN IP -> LAN IP but in this case it's something different since I have to be able to reach LAN part with the LAN IP instead of the relative WAN IP.
    For example pfsense interfaces:
    WAN: GW
    I should be able to reach from outside / :80(website)...
    Is it possible?

  • LAYER 8 Netgate

    Yes. Assuming is actually routed to by the ISP.

    Just number the LAN with

    Go to Firewall > NAT, Outbound, switch to Hybrid mode, and make a NO NAT rule on WAN for traffic sourced from

    Make a firewall rule on WAN passing traffic from any to 200.200.200.X TCP port 22/80.
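
    The pf ruleset those three GUI steps produce, written out as an added example (not from the thread or from pfSense's own config.xml) so it can be compared with what the box actually loads. Interface names, the 200.200.200.0/24 LAN numbering, the two host addresses and the 10.0.0.0/24 management segment are all assumptions:

```pf
# Added example, not taken from the thread: the pf rules pfSense generates
# from the GUI steps above. Interface names and addresses are assumed.
wan = "em0"            # WAN, addressed out of the ISP /29
lan = "em1"            # LAN, numbered with the routed public /24
lan_pub = "200.200.200.0/24"

# Firewall > NAT > Outbound in Hybrid mode: manual rules are evaluated before
# the automatic ones, and pf uses the first matching translation rule. The
# "no nat" entry therefore stops the routed /24 from being masqueraded behind
# the WAN address, so the real LAN IPs stay visible in both directions.
no nat on $wan from $lan_pub to any

# A private segment (assumed here) can still be translated by a later rule;
# the no-nat line only covers the public /24.
nat on $wan from 10.0.0.0/24 to any -> ($wan)

# Firewall > Rules > WAN: per-host, per-port passes. The destination is the
# real LAN address, not a WAN address, because nothing is translated.
pass in quick on $wan inet proto tcp from any to 200.200.200.10 port { 22 80 } flags S/SA keep state
pass in quick on $wan inet proto tcp from any to 200.200.200.20 port { 25 443 } flags S/SA keep state

# Everything else inbound on WAN falls through to pfSense's default deny.
block in log on $wan inet from any to $lan_pub
```

    To verify on the firewall (Diagnostics > Command Prompt or SSH), `pfctl -sn` should list the `no nat` line above any `nat` lines, `pfctl -sr | grep 200.200.200` should show only the ports you opened, and the full generated ruleset is readable in /tmp/rules.debug. Two checks worth doing before cutting the old iptables box over: the ISP must really route the /24 to an address in your /29 (a traceroute from outside should end at the WAN interface, not at the ISP), and anything like port 22 should get a restricted source alias rather than `any` unless it genuinely has to be world-reachable.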

  • Thank you Derelict for your answer.
    I confirm your suggestion worked like a charm!

