2 subnets and 1 internet connection



  • I have pfSense sorta working, but not perfect.
    Trying to use pfSense to replace 3 routers

    2 subnets and possible 3rd

    right now have web, mail, ftp, and dns behind a router

    I have a wireless connection which for some reason has 2 IPs from the ISP:
    the one they gave me, 169.254.1.100, and according to whatismyip.com my IP is 69.49.41.150. This is a static IP, had it for about yrs

    this is what i have now
    Internet --> linksys hacked router port 1 to 192.168.0.0 network
                                                   port 4 vlan to 172.16.0.0 ---> to another linksys wan port ---port 1 to 172.16.0.0 wireless and wired network

    trying to setup pfsense have 2 nics in server
                                        (lan)  nic 1 to 192.168.0.0 subnet
                                              vlan10  to 172.16.0.0 subnet (haven't attempted to set yet )
                                       (wan)  nic 2 to internet ip 169.254.1.100 with a gateway 169.254.1.1 these cannot change

    here is my NAT for port forward

    If   Proto    Src. addr  Src. ports  Dest. addr     Dest. ports  NAT IP         NAT Ports   Description
    WAN  TCP      *          80 (HTTP)   192.168.0.100  80 (HTTP)    192.168.0.100  80 (HTTP)   web server
    WAN  TCP/UDP  *          53 (DNS)    192.168.0.100  53 (DNS)     192.168.0.100  53 (DNS)    DNS server
    WAN  TCP      *          25 (SMTP)   192.168.0.145  25 (SMTP)    192.168.0.145  25 (SMTP)   mail server
    WAN  TCP      *          143 (IMAP)  192.168.0.145  143 (IMAP)   192.168.0.145  143 (IMAP)  mail server
    WAN  TCP      *          110 (POP3)  192.168.0.145  110 (POP3)   192.168.0.145  110 (POP3)  mail server

    outbound
    Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    LAN        192.168.0.0/24  tcp/80       *            tcp/*             *            *         NO
    LAN        192.168.0.0/24  tcp/443      *            tcp/*             *            *         NO
    LAN        192.168.0.0/24  tcp/443      *            tcp/*             *            *         NO
    LAN        192.168.0.0/24  tcp/25       *            tcp/*             *            *         NO
    LAN        192.168.0.0/24  *            *            *                 *            *         NO

    can get some external sites from the 192.168.0.0 subnet but most time out
    mail server ip 192.168.0.145
    website     ip is 192.168.0.205 virtual host in apache
    webmail    ip is 192.168.0.208 virtual host in apache ( haven't nated yet)
    webserver physical ip 192.168.0.100
    FTP server ip 192.168.0.100
    DNS server ip 192.168.0.100
    and have a dhcp server running on 192.168.0.145 serving 192.168.0.225-235
    have 8 other machines on the 192.168.0.0 subnet all static ips xbox, wii, laptop, media player, and workstations

    the problem

    1. can't get my web server or mail server to be accessed from the outside world

    2. allowing people out to the web

    3. read somewhere in one of the posts I need to install proxy_server and mod_server pkgs in pfsense to get apache2 virtual host to work
       haven't figured that out yet



  • sorry dropped mouse and posted before finished

    i think i'm almost there like i said some sites work but slooow so i have something set wrong or ?
    any help would be great
    thanks



  • 169.254.x.y IP addresses are not public IP addresses and are not routable on the internet. They are most typically assigned to interfaces by TCP/IP stacks that fail to obtain an IP address via DHCP.

    If your WAN IP address of 169.254.1.100 really is being assigned to you by your ISP, then your ISP is doing NAT for you. In this case no one will be able to reach any servers you run because you have no known public IP address to reach.



  • it is working www.the-halls.ca.



  • Then your ISP is port forwarding at least TCP port 80 to your unroutable WAN address. If they are forwarding all ports and protocols to you then they are probably bridging you. However, there is no way you can be reached from the internet on your as-configured WAN address.

    www.the-halls.ca resolves to a public IP address of 69.49.41.150, but you already knew that.
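
The reasoning in the replies above, as an added example that is not part of the thread: it classifies the configured WAN address, compares it with the address seen from outside, and lists which of the firewall's port forwards can receive internet traffic. The function names and the `upstream_passes` set (what the ISP device forwards) are assumptions for illustration; the addresses and forwards are the ones quoted in the thread.

```python
import ipaddress

# Non-public ranges a WAN interface can end up with, checked explicitly
# so the labels do not depend on how ipaddress groups "private" space.
NON_PUBLIC = [
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),  # RFC 3927
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),        # RFC 6598
]

def classify(addr):
    """Label an IPv4 address as public or name the non-public range it is in."""
    ip = ipaddress.ip_address(addr)
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public" if ip.is_global else "reserved"

def behind_upstream_nat(wan_addr, observed_addr):
    """True when the firewall's WAN address is not the address the internet sees."""
    same = ipaddress.ip_address(wan_addr) == ipaddress.ip_address(observed_addr)
    return classify(wan_addr) != "public" or not same

def reachable_forwards(forwards, wan_addr, observed_addr, upstream_passes):
    """Return the local forwards that can actually receive internet traffic.

    forwards: list of (proto, port, target, description) on the firewall.
    upstream_passes: set of (proto, port) the ISP device forwards to wan_addr.
    """
    if not behind_upstream_nat(wan_addr, observed_addr):
        return list(forwards)
    return [f for f in forwards if (f[0], f[1]) in upstream_passes]

# Forwards as listed in the thread (the TCP/UDP 53 rule split into two entries).
FORWARDS = [
    ("tcp", 80, "192.168.0.100", "web server"),
    ("tcp", 53, "192.168.0.100", "DNS server"),
    ("udp", 53, "192.168.0.100", "DNS server"),
    ("tcp", 25, "192.168.0.145", "mail server"),
    ("tcp", 143, "192.168.0.145", "mail server"),
    ("tcp", 110, "192.168.0.145", "mail server"),
]

if __name__ == "__main__":
    wan, seen = "169.254.1.100", "69.49.41.150"
    print(classify(wan), classify(seen), behind_upstream_nat(wan, seen))
    # Assumption: upstream forwards only TCP 80 ("at least TCP port 80").
    for fwd in reachable_forwards(FORWARDS, wan, seen, {("tcp", 80)}):
        print("reachable:", fwd)
```

With an upstream device doing NAT, a forward on the firewall only matters for ports that device also passes through, so the mail and DNS forwards stay unreachable until the ISP side forwards them or bridges the connection.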

