Netgate Discussion Forum

    Bridging and Vlans - have I missed the point

      domhampton

      Hi,

      I am after some help for a setup I have. My setup is as follows:

      I have a server with two network cards. One is connected to a WiMAX connection which gives a /29, of which the gateway is the lower address.

      The second card is connected to a managed switch with 4 VLANs.

      I would like VLAN 10 to be a standard internal LAN with private IPs which will form a guest network; this will have the second lowest public IP address.
      VLAN 20 is for office 1, which needs the third public IP from the /29.
      VLAN 30 will be the fourth, another public IP.

      Ideally the offices will have some traffic shaping or limiting on. Do I do this with bridges?

        Metu69salemi

        Traffic shaping: Firewall: Traffic shaper
        Rules (what traffic is allowed etc.): Firewall: Rules: corresponding interface

        No need to use bridging.

        Manual outbound NAT handles the need to share those public IPs to the right VLANs.

          domhampton

          Thanks, that makes some sense to me. Once on an interface I can apply the traffic shaping and firewall rules, which is great. I thought I had been barking up the wrong tree with bridges.

          Which opens my next question:

          How do you get a public IP to sit on an interface, and how does that all work with gateways?

          From my ISP I get X.X.X.201/29 with X.X.X.201 being the gateway.

          My first interface takes the 202 address and has a private IP in the way.
          Interface two (VLAN 20) takes the 203 address and uses 1:1 NAT to a single IP (I may change this depending on how I get on with the next VLAN).
          Interface three (VLAN 21): I would like to be able to plug a device into this VLAN that will then take the 204 address.

          The other addresses will eventually be assigned the same way as interface 3.

          Am I missing a really simple tick box, or do I need to do something clever for interface 3?

            Metu69salemi

            Manual outbound NAT is your answer, if you already have virtual IPs.

            When you set traffic to go out with one IP, it'll come back via that IP address.

            Note that the first WAN IP address does not need to be applied here; please check the attachments.

            [Attachments: mon.png, vip.png]

              domhampton

              Thanks, not quite what I was after (I wanted to put the public IPs on the actual devices themselves); however, 1:1 NATting will work, and if it ain't broke…

              I have set virtual IPs as Proxy ARP, which I think fixed my first issue, as I had them as IP Alias. What's odd though is that the outbound NAT is set to automatic, but it seems to work as required with the correct outbound routing with just the 1:1 NAT selected. The manual outbound rules are there but switched off. I am very hesitant to say this is possibly a bug, or that your previous post added an unrequired step, but it might be worth someone who knows this part of pfSense looking into it.

              Thanks for your help in getting it working.

                Metu69salemi

                More likely a feature than a bug. pfSense seems to be capable of a lot of different functions, and therefore it might be tricky to set up.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.