Three Public IP Ranges to NAT - one with gateway, two without
-
Hello Everyone,
We are running pfSense 2.0.1 at both ends. In datacenter1, my pfSense device has 4 physical interfaces and is running HA. In datacenter2, my pfSense device has 2 physical interfaces and has not been installed yet.
I am focusing on datacenter2 in this post.
Our facility is providing us BGP address failover between our two datacenters.
In each datacenter, we have a /30 that will become our "WAN" and it has a gateway of our provider's BGP device. It was explained to me that their device will "NAT" to the /27 and /28 mentioned and forward all ports/traffic to/from those two ranges.
In datacenter2, our current /28 will become a standard range without a defined gateway. We have a /27 in our primary datacenter (datacenter1) that will swing back and forth, also with no defined gateway.
My question is, if I configure the default WAN interface with the /30, will I be able to keep NAT functionality if I want to use a /24 private address range on the LAN side?
If so, how should I configure the /28 and /27 on the WAN side, as virtual IPs bound to the WAN interface? If so, which type should I use? (http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)
As a bonus, if I configure the /27 and /28 as VIPs, would someone explain how pfSense knows to use the /30 as the gateway?
Here is an example of what I am thinking I need to configure:
WAN: 10.0.0.216/30 (Gateway of 10.0.0.217, WAN IP assignment of 10.0.0.218)
WAN-VIP1: 10.0.2.0/28 (Configured as IP Alias on WAN interface)
WAN-BGP: 10.0.3.0/27 (Configured as IP Alias on WAN interface)
LAN - 192.168.1.1/24
All the WAN blocks mentioned above are valid public IP address ranges in the 68.x.x.x and 72.x.x.x networks.
Thank you for any guidance you can provide.
Cheers,
Matt
-
Scratch this topic. My co-lo provider was handing BGP to us incorrectly. They've since configured it to hand off to us correctly, so I am no longer confused.