WAN to WAN (LAN)



  • Hello guys,

    Can you use pfsense as a WAN to LAN but with external IPs

    as example:

    WAN : 100.100.222.222/27 & /28 (They are routed to me and assigned via virtual / CARP IPs)

    "WAN LAN" : 100.100.22.222/27 (With DHCP)

    HA: to other pf sense box

    LAN: 10.0.0.0/8

    I Just would like to pass the /27 to VMs and give them external IPs directly in THE "WAN LAN"

    I Would like to have the ability to NAT some IPs and some to Pass 1:1 Just to have somehow control of the traffic etc...

    What I would like to achieve is to give some VMs and Ded Server static IPs and still be able to set some rules before them and shape traffic or maybe NAT something ...

    Kind regards,

    Kamil


  • LAYER 8 Global Moderator

    Well if your /27 is ROUTED to you, you can do whatever you want and sure break that up into smaller subs /28 or /29 etc.. For some devices behind pfsense, and then others IPs you could just put on your wan and do 1:1 nat or Port forwards to other rfc1918 address, etc.



  • Well, yes it is.

    I would not like to split my network into smaller subnets.

    I Just would like to take that "100.100.222.222 &3 &...." and "pass" or filter in into my Internal network.

    But as soon as I assign the same IPs to my WAN and my "WANLAN" Pfsense decides to give the guys in the "WANLAN" 169.x.x.x IPs, or they get it themselves but with the DHCP name which is strange.

    Thank you for reply tho !


  • LAYER 8 Global Moderator

    @flixhostde said in WAN to WAN (LAN):

    But as soon as I assign the same IPs to my WAN and my "WANLAN"

    Well you would never DO THAT!!!

    If 100.100.100.0/27 is routed to you... Then break it up to how ever you want.. say put 100.100.100.16/28 on a network where pfsense IP would be say 100.100.100.17/28

    Then your clients could be 18-30

    Your sure its ROUTED to you, not directly attached... So you have another different transit network on pfsense..

    And you could use the first half of the /27, via /28 or the 100.100.100.1-14 as VIPs on your wan and use those for other rfc1918 addresses behind pfsense via 1:1 nats or port forwards..

    If pfsense has a IP/27 on its wan - that doesn't say routed to me, that says directly attached..

    Routed would be when you have say a transit network of 1.1.1.0/30 where .1 is your gateway and .2 is pfsense IP - and this 100.100.100.0/27 is actually routed to your 1.1.1.2 address.



  • @johnpoz said in WAN to WAN (LAN):

    ed would be when you have say a trans

    AHH,

    Thank you, So munch! Now I understand!


Log in to reply