Netgate Discussion Forum

    NAT and routing

      BJXYZ

      Hi,

      I have one WAN interface with PPPoE and one WAN with a static address. I also have some internal interfaces for DMZ, LAN, etc. For some servers in the DMZ I added a virtual IP and a 1:1 NAT. Everything works great. But I want to set up a new internal interface which should be routed (with firewall rules). At the static interface this is no problem, I could use a bridge. But what about my PPPoE connection? The connection gets a static IP from the provider and the provider routes some IPs through this connection (2x /27 subnet). Is it possible to build a bridge or route some IPs to another internal interface? The firewall has enough free ports.

      Thanks.

      Greeting

      BJ

        podilarius

        Well, you would not use an internet routable unless it is routed by your ISPs to one of the WAN addresses. Since you are already using NAT, I would set up 1:1 NAT with the new IP in a different subnet on a new interface.

          Azannah

          I logged on today to ask the same basic question as BJXYZ. If BJXYZ's issue is anything like mine, 1:1 NAT won't work for everything.

          I'm replacing a ZyWall configured to use 3 subnets. One address from subnet A is configured on my WAN. I use this address for 1:n NAT. Subnets B and C are routed through the WAN address (the one from subnet A). I use subnet B for various 1:1 NAT mappings. Subnet C is routed to my DMZ where I host services that don't play well with NAT. Now I'm looking at replacing the ZyWall with pfSense.

          Is this configuration possible with pfSense?

          BJXYZ,

          You indicate you've used a bridge on one of your WANs. Following the trail of documentation about bridges (starting here: http://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used%3F) seems to indicate you'll run into a problem when your LAN clients try to access devices on the bridged interface (assuming your LAN clients use NAT). Have you noticed any such problems?

          Regards everyone!

            dhatz

            You could enable Manual Outbound NAT, delete any auto-generated rules for the DMZ interface and just route subnet C.

              Azannah

              Thanks Dhatz,

              That's what I was thinking too. I guess it's off to the test lab!
