4. NAT and routing

NAT and routing

  • B

    Hi,

    i have one WAN Interface with pppoe und one WAN with a static Adress. I also have some internal interfaces for DMZ, LAN, etc. For some server in the DMZ I added a virtual IP and a 1:1 NAT. Everything works great. But I want to setup a new internal Interface which should be routed (with Firewall rules). At the static interface this is no problem, i could use a bridge. But what about my pppoe connection? The connection get a static ip from the provider and the provider routes some ips trough this connection (2x /27 subnet). Is it possible to build a bridge or route some ips to another internal interface? The firewall has enough free ports.

    Thanks.

    Greeting

    BJ

    0
  • P

    well you would not use a internet routable unless it is routed by your ISPs to one of the WAN addresses. Since you are already using NAT, I would setup 1:1 NAT with the new IP in a different subnet on a new interface.

    0
  • A

    I logged on today to ask the same basic question as BJXYZ. If BJXYZ's issue is anything like mine, 1:1 NAT won't work for everything.

    I'm replacing a ZyWall configured to use 3 subnets. One address from subnet A is configured on my WAN. I use this address for 1:n NAT. Subnets B and C are routed through the WAN address (the one from subnet A). I use subnet B for various 1:1 NAT mappings. Subnet C is routed to my DMZ where I host services that don't play well with NAT. Now I'm looking at replacing the ZyWall with pfSense.

    Is this configuration possible with pfSense?

    BJXYZ,

    You indicate you've used a bridge on one of your WANs. Following the trail of documentation about bridges (starting here: http://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used%3F) seems to indicate you'll run into a problem when your LAN clients try to access devices on the bridged interface (assuming your LAN clients use NAT). Have you noticed any such problems?

    Regards everyone!

    0
  • D

    You could enable Manual Outbound NAT, delete any auto-generated rules for the DMZ interface and just route subnet C.

    0
  • A

    Thanks Dhatz,

    That's what I was thinking too. I guess it's off to the test lab!

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy