Cidr setup for LAN clients and server hosts
Hello all… A new user here to PFSense who is blown away by the power of this software. I have a question about the correct way to setup Cidr for our needs...
Using Pfsense 2.1 (beta I know) the IP from our provider Cox is: (Ip's changed slightly for posting in the forum)
Wan IP: 18.104.22.168
Wan subnet: 255.255.255.128
Wan Gateway: 22.214.171.124
Cidr Block info:
Cidr IPs: 126.96.36.199/27 (32 IPs)
Cidr Netmask: 255.255.255.224
Suggested Gateway: 188.8.131.52
First Usable IP: 184.108.40.206
Last Usable IP: 220.127.116.11
So I have my WAN interface configured with the 18.104.22.168 IP and 22.214.171.124 gateway and I am 99.9% certain all is correct there.
Where I am having trouble is on setting up the LAN and OPT interfaces correctly. I have 40 workstations getting IPs in the 10.0.0.1-100 from a DHCP server (not pfsense but in the 10.0.0.0 range). I also have a couple of servers that are statically configured with some the higher IP's in the 174.75.X.X Cidr block.
After fumbling around, I have managed to get the workstations flowing in and out to the internet but I cannot seem to get the servers with the static Cidr addresses working. I am certain I have bungled the NAT configuration (currently set to manual btw). I have searched through the forum here, and have partially read through the pfsense book. But I still seem not to get the grasp of how to configure the Cidr block correctly for both the LAN and the static servers
In the end, what I would like to have is all of the workstations going in and out through the first usable Cidr address of .226 and the servers going through their own static ips from the higher addresses in the Cidr block. One last curve, I cannot change the ip configuration on these static servers at all - they have been statically assigned long ago and were working with the previous firewall which took a dump on us.
Can anyone spare a moment to help an enthusiastic, competent user who is still a pfsense noob who would very much appreciate some guidance?
i don't know the exact details but i guess you should assign a VIP (the .226 ) to your LAN interface.
then disable NAT for the cidr range but keep it enabled for the 10.0.0.x range ?
also: don't try this on a production system … i have no clue if what i'm saying is correct