Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hybrid routed and NAT'ed network

    Scheduled Pinned Locked Moved
    Routing and Multi WAN
    public ips routing vlan
    1
    2
    360
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • lifeboyL
      lifeboy
      last edited by lifeboy

      We have a stable setup using a private address range on the LAN side with NAT (192.168.x.x).

      Now we have the requirement to set up some servers with public ip addresses.

      https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html gives a clear enough overview of what should be done.

      My concern is with the underlying network. The pfSense instances are virtualised using proxmox and we don't have additional nic's for this, so the obvious way to do this is to great a VLAN. I'm working out how to add this to a production service without accidentally destroying the connectivity to the NAT'ed servers.

      The ISP has routed the new public /29 to our gateway address via a static route. My thinking is this:

      • Add VLAN to the LAN port to create a new nic.
      • Create a new OPT1 interface in pfSense and assign the gateway ip of the /29 to the VLAN nic.
      • Set Hybrid outbound NAT
      • Add firewall rules for inbound and outbound traffic as desired.

      Have I missed anything? Is there anything I should look out for / take special care? Is the addition of a VLAN to an existing nic as simple as it seems?

      1 Reply Last reply Reply Quote 0
      • lifeboyL
        lifeboy
        last edited by

        I have now added a VLAN to the LAN port in proxmox and created a bridge from that. This I have added to pfSense with the first address of the ip subnet which will act as gateway for the /29 addresses from the guests/hosts on the network.

        So far so good.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post