Help with NAT / DMZ
Currently I have 2 WAN ports and 1 LAN port on my pfSense box. I have several port forwarding rules connecting WAN2 to the desired server on the LAN.
I was planning on setting up a second "Lan" as a DMZ. Each server that has public access would have an IP on the second Lan, and if needed a second card / IP for the main LAN. All public inbound traffic would be on the second lan.
I was planning on using 1-to-1 NAT connecting WAN2 to LAN2, but it appears that I cannot do that. It seems that all NAT rules are hard-coded to the LAN. Am I missing something? Is there a better setup than what I am trying to do?
Right now we have a DSL line (WAN), T1 (OPT1), LAN (local network). Most inbound NATted traffic is on the T1; most normal LAN access goes through the DSL line.
Cry Havok last edited by
There's no point in doing what you're talking about. It will buy you no security benefits.
My main concern for this move is not security.
I have been using Untangle as a spam filter, and it has been working great until recently (worked great for about 18 months, last 3 weeks it has started to give problems). I've had to reboot it a few times. Because it sits between my router and my switch (bridged), when Untangle is being rebooted everyone loses web access.
I would like to move the location of Untangle so that it is only filtering public / inbound traffic to Exchange. I cannot place it between Exchange and the switch directly. I have many apps that send mail via Exchange, and Untangle will mark or deny those messages.