Routing / firewalling two class c's
Tried searching but not even sure what to search on…
In previous setups I've had a small subnet, like a /30, that is assigned to the outside interface. Traffic for that and any other networks is sent on that port. I can then set up OPT interfaces with those subnets and everything works great. In this case I only have two class C's. Here's how they are set up:
Both come in on a single cable but have dual gateways like that. Meaning I could plug that into a hub, connect servers to it, give it the .1 gateway and it will work. Obviously I don't want to put everything on the internet without a firewall. I want the NAT'd external IP to be 220.127.116.11 and all other IPs have to go through pfsense. I can have them dump the dual network like this and instead have them route traffic from both subnets to 18.104.22.168/24 (and then I'm assuming pfsense will advertise that it handles the whole 22.214.171.124/24 network so the gateway will know where to route it, unfortunately never learned about BGP routing and such). Here's the ideal setup:
outside - directly connected to cable going to ISP's switch
opt1 - connects to our "external" switch
gw: blank (so it should forward to 126.96.36.199 above)
opt2 - connects to our "external" switch
gw: blank (so that also forwards to 188.8.131.52)
inside has inside settings
I'd then have the ISP forward both subnets to the 184.108.40.206/24 network. Both outside and opt1 having the same subnet mask seems like it would clash. Or would pfsense know if it sees something like 220.127.116.11 coming in on outside and it knows that server exists on opt1 to accept the traffic and pass it along?
Anyone have advice yet? Here's the current setup:
bridge with WAN
Other IPs in the 18.104.22.168/24 network don't work reliably. If I restart the firewall I can ping 22.214.171.124. As soon as I restart the server it breaks again, although I don't see any traffic being blocked on the firewall. Which leads me to believe something gets messed up in the firewall's routing tables or something and it gets reset when I restart the firewall. The 126.96.36.199/24 network works fine.
It has to be a common configuration where you have a large block of IPs and you want the first IP to be the firewall and the rest to be filtered through the firewall. The only solution I can think of now is to have the ISP give me another /30 so I have a different external IP from the two class C's, but there has to be a way to get it to work.
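An added example, not part of the thread or of pfSense itself, that models the clash the post asks about: it checks an interface plan for overlapping directly-connected subnets and shows which interfaces could claim a destination host. The interface names follow the post (outside, opt1, opt2, inside); all addresses are constructed RFC 5737 documentation ranges standing in for the two /24 blocks and the ISP transit /30, and the plan dictionaries are assumptions about how the ports would be addressed.

```python
from ipaddress import ip_address, ip_interface
from itertools import combinations

# Plan A: the post's sketch, with one /24 on both the outside port and opt1.
PLAN_SAME_SUBNET = {
    "outside": "192.0.2.1/24",   # ISP-facing port (constructed address)
    "opt1": "192.0.2.1/24",      # "external" switch, same block again
    "opt2": "198.51.100.1/24",   # second block
    "inside": "10.0.0.1/24",
}

# Plan B: a /30 transit from the ISP on outside; the ISP routes both /24s
# to 203.0.113.2, and each /24 lives on exactly one OPT interface.
PLAN_TRANSIT = {
    "outside": "203.0.113.2/30",
    "opt1": "192.0.2.1/24",
    "opt2": "198.51.100.1/24",
    "inside": "10.0.0.1/24",
}


def _connected(plan):
    """Map each interface name to the network it is directly connected to."""
    return {name: ip_interface(addr).network for name, addr in plan.items()}


def connected_conflicts(plan):
    """List (if_a, if_b, network) for every interface pair whose connected
    networks overlap; such a pair leaves the router unable to decide which
    port owns a host in that block."""
    nets = _connected(plan)
    return [(a, b, str(nets[a])) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def candidate_interfaces(plan, dst):
    """Interfaces whose connected network contains dst, after longest-prefix
    match. One name is a clean forwarding decision; several is the clash the
    post worries about; none means only the default route applies."""
    dst = ip_address(dst)
    hits = [(net.prefixlen, name) for name, net in _connected(plan).items()
            if dst in net]
    if not hits:
        return []
    best = max(prefix for prefix, _ in hits)
    return sorted(name for prefix, name in hits if prefix == best)


if __name__ == "__main__":
    for label, plan in (("same subnet", PLAN_SAME_SUBNET), ("transit /30", PLAN_TRANSIT)):
        print(label, "conflicts:", connected_conflicts(plan),
              "| host 192.0.2.50 ->", candidate_interfaces(plan, "192.0.2.50"))
```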