Transparent bridging and VLAN

  • Hello,

    I need to make a frontend transparent bridge for my hosted servers, here goes my config I have 4 physical interfaces 2 of them are bridged with the WAN ( so and one is for the WAN and 2 in a BOND for the switch) and I have a Lan interface with NAT for maintenace usage.

    I have some Vlan interfaces that are working with vpn so my customers can access there servers directly everything is working well at this point.

    Next step: My web servers and my VOIP have to be into 2 separate VLANS one will be called VLAN VOICE and the other will be called VLAN WEB. I create VLANS, I create VLAN Interfaces but this time with no IP on the Vlan interfaces. I can not associate Vlan interfaces directly into the bridge so they are associted with the BOND0

    The servers connected behind these vlans have public addresses in the same class and range of the WAN interface, so they have to be reachable for people coming from the WAN interface.

    Unfortunatly, doing this way doesn't work. Does anyone knows how to do this thing ?

    –-----------------------------              /----                           
      |                              |        |                    |
      |                              em3    em2                |
      |                                    |                      Lan  (em1)
    WAN (em0)                        Bond0                       
    Public IP                                        |
    VPN X for custX                  |                |----------------VLAN 2 ADMIN  PrivateIP
    VPN Y for custY                  |                |
                                          Switch  ------|----------------VLAN CUSTOMER X Private IP (one IP for the Vlan interfaceas as a gateway for server behinds )
                                                              |----------------VLAN CUSTOMER Y Private IP  (one IP for the Vlan interfaceas as a gateway behinds)
                                                              |----------------VLAN WEB (No Ip address on the Vlan interface)
                                                              |----------------VLAN VOIP (No Ip address on the Vlan interface)

    *** Welcome to pfSense 2.0-RELEASE-pfSense (i386) on mymachine ***

    WAN (wan)                -> em0        -> 1XX.X.YYY.26
      LAN (lan)                -> em1        ->
      BOND (opt1)              -> lagg0      -> NONE
      BRIDGE (opt2)            -> bridge0    -> NONE
      VLAN2ADMIN (opt3)        -> lagg0_vlan2 ->
      VLAN100VOICE (opt4)  -> lagg0_vlan100 -> NONE
      VLAN10WEB (opt6)          -> lagg0_vlan10 -> NONE

    Thanks for your answers...

Log in to reply