Telstra IP Routing + pfSense



  • Hi Guys,

    I am in some desperate need of assistance. Telstra (our carrier) is going to be migrating our services across to their new system tomorrow and therefore we will have the chance to have more than one IP address. My question is how can we route the IPs through pfSense so:

    a, Snort and other applications that we have on our pfSense box still filter and block the traffic as required
    b, the traffic is passed through pfSense and onto the machines so these extra IP addresses DO NOT use NAT. It's a direct connection to the server through pfSense (if possible)

    pfSense is currently controlling our PPPoE sessions and will remain like that. We just need step by step instructions on how to route the IPs to the dedicated machines on our network. We have the IP gateways, broadcast addresses and subnets that we need but don't know how to route it.

    I did read somewhere that you use NAT 1:1 but I can't see where to enter the IP addresses. It only asks for the subnet which is the same internal and external.

    We are using the latest build of pfSense.

    Please provide step by step instructions so we can follow and explain every step in as much detail as possible.

    Thanks in advance

    Matthew



  • Okay we have been moved but we don't know how to route the /28 (16 IPs) through pfSense while keeping Snort and other addons running and scanning the tickets.

    We do not want NAT to be enabled. We want the following:

    MODEM >> PFSENSE >> SNORT >> WEB SERVER

    With no NAT but the ability to be able to block countries and rules if need be

    Can this be done?



  • You need to use a transparent bridge to allow public IPs on the LAN.

    As far as Squid, I cannot help you there my friend but my guess is once you get the bridge working you should figure it out fairly easily.

    WAN - Set IP, Subnet, Gateway
    LAN - Set IP address to "None"
    System Tunables -> pfil_member to 1, pfil_bridge to 1
    LAN Rules - Change LAN subnet on the ANY rule to ANY, so it should be ANY ANY (otherwise you will be locked out). Remember, when you set the IP to none on the LAN, there is no longer a LAN subnet. Now it's just an interface which is what you want.
    Bridge the interfaces together

    Configure Squid (can't help you on this one)

    Hope this helps, otherwise I misunderstood your post. BTW, this issue haunted me for a week, very tricky to figure out on 2.0 and a lot of experimenting and testing.
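Once the bridge above is in place the servers sit on the internet with their public /28 addresses and no NAT in front of them, so the only thing standing between them and the carrier is the rule set on the bridge member interface. The following is an added example, not code from this thread or from pfSense: a small Python planner that works out which addresses in the carrier's /28 are actually usable (network, broadcast and the carrier gateway excluded) and emits pf-style pass rules for each published service with a final default block, so an un-NATed host only receives what is explicitly listed. The block 203.0.113.16/28, the gateway 203.0.113.17, the hosts, ports and the member interface name `lan` are all constructed assumptions (RFC 5737 documentation addresses); pfSense builds its own pf rules from the GUI, so these lines illustrate the intended policy rather than something to paste into the box.

```python
"""Plan bridge-member firewall rules for a routed /28 passed through pfSense without NAT.

Hypothetical helper (not pfSense code): given the carrier-assigned block, the carrier
gateway and the services each public host should expose, emit pf-style pass rules plus
a catch-all block, after checking that every host address is actually usable.
"""
import ipaddress


def usable_hosts(block: str, gateway: str) -> list[str]:
    """Addresses free for servers: the block minus its network address,
    broadcast address and the carrier's gateway."""
    net = ipaddress.ip_network(block, strict=True)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"gateway {gw} is outside {net}")
    # hosts() already drops network and broadcast; drop the gateway as well
    return [str(h) for h in net.hosts() if h != gw]


def bridge_rules(block: str, gateway: str,
                 services: dict[str, list[tuple[str, int]]],
                 ifname: str = "lan") -> list[str]:
    """Return pf-style rules: one explicit pass per published service and a
    final logged block for the whole /28, i.e. default deny for exposed hosts."""
    allowed = set(usable_hosts(block, gateway))
    rules = []
    for host, ports in services.items():
        if host not in allowed:
            raise ValueError(f"{host} is not a usable server address in {block}")
        for proto, port in ports:
            rules.append(
                f"pass in quick on {ifname} proto {proto} from any to {host} port {port}")
    rules.append(f"block in log quick on {ifname} from any to {block}")
    return rules


# Constructed sample plan: RFC 5737 block, carrier gateway on the first usable address,
# a web server on .18 and a mail server on .19.
BLOCK, GATEWAY = "203.0.113.16/28", "203.0.113.17"
SERVICES = {
    "203.0.113.18": [("tcp", 80), ("tcp", 443)],
    "203.0.113.19": [("tcp", 25)],
}

if __name__ == "__main__":
    print("\n".join(bridge_rules(BLOCK, GATEWAY, SERVICES)))
```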

