PF behind another gateway
-
I have 2 devices on my Modem/Gateway which are used for Netflix. However we are wanting to set up the media center extender functionality. My gateway uses one IP Range while my PF box has a public static IP. My gateway network and my internal network have different subnets. What would be the easiest way to configure these devices or my firewall to allow them access to the internal network.
I can provide a diagram if needed.
-
diagram sure wouldn't hurt. Also you say pfsense has different static public IP? This isn't making a lot of senses to me – so you have multiple public IPs and they are not in the same network?
Or did you put a private static on wan interface of the pfsense?
Drawing would help with IPs, you can change the public IPs if your worried about privacy - ie say your public is 24.14.3.14, use say 24.x.A.14 and then if other static is 24.14.2.23 you could use say 24.y.B.23 -- and your masks would help as well, just want to be able to tell if really on different Public IPs or same segment, or if private.
Just so we are all clear - anything with 10.x.x.x, 192.168.x.x or 172.16-31.x.x is private address space and there is no problem with giving the full address, etc.
-
Thanks for the reply, I have attached a small network diagram with ip ranges and subnets.
The Firewall is set to a static ip, however I can set an outbound IP on it if needed.
(Sorry about the confusion my publics are in the same range.)
**note: The internal subnet is 255.255.248.0 I missed that before I published it.
-
Ok, why can you not just put a virtual IP on your pfsense box to be in that 10.28 network, and then on your 1st gateway create a route for the 10.72 network to go to the pfsense virtual ip you put on 10.28
Still not understanding this setup to be honest.. Why would you set it up this way? Why not just move pfsense to be the main gateway and run with multiple public IPs if you want. Then either all your devices could be on same lan, or you could have multiple segments but it would be much easier to route.
-
I will have to try that, Comcast requires we use their gateway/modem as the main gateway. The main reason I want the two media boxes outside the firewall though is both boxes tend to be streaming some form of HD media at a time and it releives some tension off the firewall.
-
johnpoz,
setting the virtual ip and routing worked for gaining access to the internal network.
However I have came across a new hiccup.
To configure the media server it uses a udp broadcast.
I have tried making a virtual IP, iparp, and using nat to the Ip of one of the streaming devices.
Any suggestions here?
