Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Routing / firewalling two class c's

    Routing and Multi WAN
    1
    2
    1356
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vrillusions last edited by

      Tried searching but not even sure what to search on…

      In previous setups I've had a small subnet, like a /30, that is assigned to the outside interface.  Traffic for that and any other networks are sent on that port.  I can then setup OPT interfaces with those subnets and everything works great.  In this case I only have two class c's.  Here's how they are setup:

      network 1:
      5.5.5.0/24
      gateway 5.5.5.1

      network 2:
      5.5.6.0/24
      gateway 5.5.6.1

      Both come in on a single cable but have dual gateways like that.  Meaning I could plug that into a hub, connect servers to it, give it the .1 gateway and it will work.  Obviously I don't want to put everything on the internet without a firewall.  I want the NAT'd external ip to 5.5.5.2 and all other ips have to go through pfsense.  I can have them dump the dual network like this and instead have them route traffic from both subnets to 5.5.5.0/24 (and then I'm assuming pfsense will advertise that it handles the whole 5.5.6.0/24 network so the gateway will know where to route it, unfortunately never learned about BGP routing and such).  Here's the ideal setup:

      outside - directly connected to cable going to isp's switch
      ip: 5.5.5.2/24
      gw: 5.5.5.1

      opt1 - connects to our "external" switch
      ip: 5.5.5.3/24
      gw: blank (so it should forward to 5.5.5.1 above)

      opt2 - connects to our "external switch
      ip: 5.5.6.2/24
      gw: blank (so that also forwards to 5.5.5.1)

      inside has inside settings

      i'd then have the ISP forward both subnets to 5.5.5.0/24 network.  Both outside and opt1 having the same subnet mask seems like it would clash.  Or would pfsense know if it sees something like 5.5.5.10 coming in on outside and it knows that server exists on opt1 to accept the traffic and pass it along?

      1 Reply Last reply Reply Quote 0
      • V
        vrillusions last edited by

        Anyone have advice yet?  Here's the current setup:

        WAN:
        5.5.5.2/24
        gw: 5.5.5.1

        OPT1:
        bridge with WAN

        OPT2:
        5.5.6.2/24
        gw: 5.5.5.1

        Other ip's in 5.5.5.0/24 network don't work reliably.  If I restart the firewall I can ping 5.5.5.2.  As soon as I restart the server it breaks again although I don't see any traffic being blocked on firewall.  Which leads me to believe something gets messed up in the firewall's routing tables or something and it gets reset when I restart the firewall.  the 5.5.6.0/24 network works fine.

        It has to be a common configuration where you have a large block of IPs and you want the first ip to be the firewall and the rest to be filtered through the firewall.  The only sollution I can think of now is to have ISP give me another /30 ip so I have a different external ip from the two class c's but there has to be a way to get it to work.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post