1 LAN, WAN1 for outbound and WAN2 for DMZ



  • Hi

    I have a pfSense box with 5 ethernet ports, out of which I'm currently only using 2 (LAN+WAN) for my home firewall. I have the possibility to get up to 10 public IP addresses so I want to try to add one more WAN (WAN2/OPT1) and then forward all ports on that public IP to one specific machine on my LAN. How can I do this? Please help!

    /--------- public IP 1 <------> WAN  <----> LAN subnet    <-----
    Internet <---->  switch                                        |
    \--------- public IP 2 <------> WAN2 -----> LAN Server IP --->/

    Is this possible? How? Even better if I can get the "LAN server" to use only WAN2 (i.e. for in and out).

    I have tried too many settings to list here, so if someone could be kind enough to give me, at least, a rough overview of the way to do it I would be very happy! :)

    Even after only adding the additional WAN (which uses DHCP, both WANs do) I would expect that I could go to "Diagnostics" -> "Ping" and ping whatever usually answers, however I could not get even this working. Newbie? Yeah, probably... With all the different settings I tried I could only get WAN2 to ping its gateway, nothing else (the same gateway is used for WAN and WAN2). It seems I need to at least get past this issue. Is this related to http://forum.pfsense.org/index.php/topic,43475.0.html ?

    Grateful for any help!

    Cheers
    FreddyAV



  • I don't think you need a second WAN interface. You should be able to do this with VIPs and outbound NAT. Try posting in the VIP board.



  • Yeah, I guess I could (and thanks for your post!), it's just that my ISP has arranged it so that each external IP/physical interface has full bandwidth, i.e. if I have one WAN cable I get my 100Mbps to that connection which is shared between all my internal boxes and if I use 2 WAN physical interfaces I get 2x100Mbps (which does not saturate my internal gigabit network). It might be odd but that is the way it works here and I would like to dedicate 100 per use, i.e. server vs other home network stuff, so I would really like to have the proposed setup or something similar.

    Thus, I would still very much appreciate if some kind soul could guide me in the right direction.

    Cheers
    FreddyAV



  • In my first post I asked whether a setup like this:

    /--------- public IP 1 <------> WAN  <----> LAN subnet    <-----
    Internet <---->  switch                                        |
    \--------- public IP 2 <------> WAN2 -----> LAN Server IP --->/

    is possible. It now seems to me like it isn't but rather this is what I should aim for:

    /--------- public IP 1 <------> WAN  <----> LAN subnet
    Internet <---->  switch
    \--------- public IP 2 <------> WAN2 <----> LAN Server IP

    where LAN signifies the same /24 subnet for all my internal devices, i.e. LAN subnet could be XXX.XXX.XXX.3-254 if LAN Server IP was XXX.XXX.XXX.2 (and pfsense XXX.XXX.XXX.1 and broadcast on XXX.XXX.XXX.255).

    Is this configuration possible?



  • I will answer my own thread for forum-completeness  ;)

    The answer is "no": I can't do what is described in the picture above. This is due to both WANs having/being assigned the same gateway, see http://forum.pfsense.org/index.php/topic,44059.0.html etc.

    The "solution" I'm going with currently is to add a really cheap router in between the switch and WAN2 and then enable DMZ on the router towards the WAN2 interface. This way pfSense won't use the same gateway for the two WAN ports (the only trouble I have now is that there must be something wrong with my firewall rules since I can't port forward a connection from WAN2 to anything but the pfSense machine itself, but that is another story).
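    The failure condition this thread ran into, as an added example that is not from the forum or from pfSense itself: a small Python check that flags WAN interfaces which share a gateway or sit on the same upstream subnet, so that multi-WAN routing cannot tell them apart. The addresses are constructed (documentation and private ranges), the "before" set models two DHCP WANs on one ISP segment and the "after" set models the cheap-router workaround.

```python
from ipaddress import ip_interface, ip_address


def wan_conflicts(wans):
    """Compare every pair of WAN records ({'name', 'addr' (CIDR), 'gateway'})
    and return (name_a, name_b, reason) for each pair that pfSense cannot
    treat as independent upstream paths."""
    found = []
    for i, a in enumerate(wans):
        for b in wans[i + 1:]:
            net_a = ip_interface(a["addr"]).network
            net_b = ip_interface(b["addr"]).network
            if ip_address(a["gateway"]) == ip_address(b["gateway"]):
                # Identical next hop: replies and policy routes collapse
                # onto one path, which is what broke WAN2 in the thread.
                found.append((a["name"], b["name"], "same gateway"))
            elif net_a.overlaps(net_b):
                # Distinct gateways but one shared segment still leaves
                # the two interfaces competing for the same connected route.
                found.append((a["name"], b["name"], "same upstream subnet"))
    return found


# Constructed sample: both WANs leased by the same ISP DHCP server.
SAME_GATEWAY = [
    {"name": "WAN",  "addr": "203.0.113.10/24", "gateway": "203.0.113.1"},
    {"name": "WAN2", "addr": "203.0.113.11/24", "gateway": "203.0.113.1"},
]

# Constructed sample: a small router in front of WAN2 hands pfSense a
# private address and a distinct gateway (the workaround from the thread).
AFTER_WORKAROUND = [
    {"name": "WAN",  "addr": "203.0.113.10/24", "gateway": "203.0.113.1"},
    {"name": "WAN2", "addr": "192.168.2.2/24",  "gateway": "192.168.2.1"},
]

if __name__ == "__main__":
    for label, wans in (("before", SAME_GATEWAY), ("after", AFTER_WORKAROUND)):
        print(label, wan_conflicts(wans) or "no conflicts")
```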

