Three Public IP Ranges to NAT - one with gateway, two without
We are running pfSense 2.0.1 at both ends. In datacenter1, my pfSense device has 4 physical interfaces and is running HA. In datacenter2, my pfSense device has 2 physical interfaces and has not been installed yet.
I am focusing on datacenter2 in this post.
Our facility is providing us BGP address failover between our two datacenters.
In each datacenter, we have a /30 that will become our "WAN" and it has a gateway of our provider's BGP device. It was explained to me that their device will "NAT" to the /27 and /28 mentioned and forward all ports/traffic to/from those two ranges.
In datacenter2, our current /28 will become a standard range without a defined gateway. We have a /27 in our primary datacenter (datacenter1) that will swing back and forth, also with no defined gateway.
My question is, if I configure the default WAN interface with the /30, will I be able to keep NAT functionality if I want to use a /24 private address range on the LAN side?
If so, how should I configure the /28 and /27 on the WAN side, as virtual IPs bound to the WAN interface? If so, which type should I use? (http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)
As a bonus, if I configure the /27 and /28 as VIPs, would someone explain how pfSense knows to use the /30 as the gateway?
Here is an example of what I am thinking I need to configure:
WAN: 10.0.0.216/30 (Gateway of 10.0.0.217, WAN IP assignment of 10.0.0.218)
WAN-VIP1: 10.0.2.0/28 (Configured as IP Alias on WAN interface)
WAN-BGP: 10.0.3.0/27 (Configured as IP Alias on WAN interface)
LAN: 192.168.1.1/24
All the WAN blocks mentioned above are valid public IP address ranges in the 68.x.x.x and 72.x.x.x networks.
Thank you for any guidance you can provide.
Scratch this topic. My co-lo provider was handing BGP to us incorrectly. They've since configured it to hand off to us correctly, so I am no longer confused.