Advice for multiple subnets/networks?

  • Hi,

    I recently changed ISP. My new ISP gave me a few public IPs. I need your advice how to set up network.

    So, I'll use 2 public IPs for one server with Exchange, DNS (just for local domain) and AD/DC. The other machine should host FTP server.

    PCs in the first network should have Internet connectivity, and so should my two servers.
    PCs in the second network should not have Internet connectivity (they use another gateway for that), but should be able to communicate with the PCs in the first network and the two servers. They do not need a firewall.

    All PCs are in the domain.

    Here's the network topology:

    Is it possible to realize my idea as shown in the diagram? And how should I configure NAT and the other things in pfSense?

    On a completely different topic, I was looking to buy this for pfSense:

    • Supermicro X7SPA-H-D525 (Atom 1.86GHz)
    • 2 GB RAM

    Will it be enough for a 20/20 Mbps connection? I need just a firewall, maybe a few packages, and perhaps VPN, but that is less likely.

    Thanks!! :)

  • The hardware should be more than enough for a 20/20. It should be able to handle 500/500 almost as well.

    It is certainly possible, but you are going to have to create routes on both edge devices, each pointing to the other for the opposing network. Either that, or a static route on each and every machine. NAT will only be configured for the WAN interfaces. You will need to create a ProxyARP interface in each firewall so that the other FW can route to it. You will then need to make rules to allow traffic from one network to the other.
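
As an added illustration of the three pieces the reply above lists (it is not the poster's configuration and not something pfSense itself generates in this form): NAT on the WAN interface only, a static route to the other network via the other edge device, and pass rules between the two networks, written in pf.conf syntax so the logic is explicit. Everything concrete in it is an assumption: the interface names em0/em1/em2, the public block 203.0.113.0/29, the internal networks 192.168.1.0/24 and 192.168.2.0/24, and a dedicated transit link 10.0.0.0/30 between pfSense and Router1. pfSense writes its rules from the GUI; the comments note where each piece lives there.

```pf
# Added example, not from the thread. Assumed layout (placeholders):
#   pfSense (FW1): em0 = WAN 203.0.113.10/29
#                  em1 = LAN 192.168.1.1/24      (PCs + the two servers)
#                  em2 = transit 10.0.0.1/30     (point-to-point to Router1)
#   Router1 (FW2): 10.0.0.2/30 on the transit link, owns 192.168.2.0/24
wan     = "em0"
lan     = "em1"
transit = "em2"
net1    = "192.168.1.0/24"
net2    = "192.168.2.0/24"
router1 = "10.0.0.2"
srv_pub = "203.0.113.11"     # second public IP, mapped 1:1 to the Exchange/DC box
srv_int = "192.168.1.10"

# 1. NAT only on WAN (Firewall > NAT > Outbound in the GUI).
#    net1 -> net2 traffic never matches this rule because the static route
#    sends it out $transit, so it keeps its private source address.
nat   on $wan from $net1    to any -> ($wan)
binat on $wan from $srv_int to any -> $srv_pub

# 2. Static route (System > Routing > Static Routes; not pf syntax):
#    route add -net 192.168.2.0/24 10.0.0.2
#    Router1 needs the mirror image:
#    route add -net 192.168.1.0/24 10.0.0.1
#    The Proxy ARP VIP the reply mentions is Firewall > Virtual IPs,
#    type "Proxy ARP"; it has no pf.conf line (pfSense runs choparp for it).

# 3. Pass rules on the interface each direction enters (Firewall > Rules).
pass in on $lan     from $net1 to $net2 keep state
pass in on $transit from $net2 to $net1 keep state
# net2 is not given a rule towards "any" on $transit, which is how it is kept
# off the Internet through pfSense while it can still reach net1.
```

One check before copying this shape: if Router1 sits on the same segment as the PCs instead of on its own transit interface, a PC with pfSense as its default gateway sends net2-bound packets to pfSense, which forwards them back out the LAN to Router1, while the replies from net2 go straight from Router1 to the PC. pfSense then sees only one direction of each connection and its state table will drop or reset traffic. That is why the reply offers the alternative of a static route on every machine; a separate transit link avoids the problem without touching the hosts.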

  • Thanks for answering!!

    My first concern is actually with the network configuration.
    Should I go with option 1 (the image above) or option 2?

    In option 2, the public network is connected directly to the firewall (pfSense). Which would be easier to configure?
    I'll use Router1 just for routing.

    Option 2:
