4. Cidr setup for LAN clients and server hosts

Cidr setup for LAN clients and server hosts

  • R

    Hello all… A new user here to PFSense who is blown away by the power of this software. I have a question about the correct way to setup Cidr for our needs...

    Using Pfsense 2.1 (beta I know) the IP from our provider Cox is:  (Ip's changed slightly for posting in the forum)

    Wan IP: 68.13.201.235
    Wan subnet: 255.255.255.128
    Wan Gateway: 68.13.201.129

    Cidr Block info:

    Cidr IPs: 174.75.85.224/27 (32 IPs)
    Cidr Netmask: 255.255.255.224
    Suggested Gateway: 174.75.85.225
    First Usable IP: 174.75.85.226
    Last Usable IP: 174.75.85.254

    So I have my WAN interface configured with the 68.13.201.235 IP and 68.13.201.129 gateway and I am 99.9% certain all is correct there.

    Where I am having trouble is on setting up the LAN and OPT interfaces correctly.  I have 40 workstations getting IPs in the 10.0.0.1-100 from a DHCP server (not pfsense but in the 10.0.0.0 range). I also have a couple of servers that are statically configured with some the higher IP's in the 174.75.X.X Cidr block.

    After fumbling around, I have managed to get the workstations flowing in and out to the internet but I cannot seem to get the servers with the static Cidr addresses working. I am certain I have bungled the NAT configuration (currently set to manual btw). I have searched through the forum here, and have partially read through the pfsense book. But I still seem not to get the grasp of how to configure the Cidr block correctly for both the LAN and the static servers

    In the end, what I would like to have is all of the workstations going in and out through the first usable Cidr address of .226 and the servers going through their own static ips from the higher addresses in the Cidr block. One last curve, I cannot change the ip configuration on these static servers at all - they have been statically assigned long ago and were working with the previous firewall which took a dump on us.

    Can anyone spare a moment to help an enthusiastic, competent user who is still a pfsense noob who would very much appreciate some guidance?

    Thanks,
    Robert

    0
  • H

    i don't know the exact details but i guess you should assign a VIP (the .226 ) to your LAN interface.
    then disable NAT for the cidr range but keep it enabled for the 10.0.0.x range ?

    see:
    http://doc.pfsense.org/index.php/How_can_I_use_public_IP%27s_on_the_LAN%3F

    also: don't try this on a production system … i have no clue if what i'm saying is correct

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy