1 wan nic, 1 lan nic, multiple lan ip's
-
I have the following network structure:
http://www.pcservice.hu/tammer/diag.jpg
The database, web and mail servers are working fine. The workstations on the cmts are also working fine with the following config: pfsense: wan as on the picture, lan as 10.0.0.0/24. all other networks are missing.
i want to set up my network as seen on the picture.
how can I set up my pfsense box to get the 4 ips (networks) out on 1 (one) lan cable? the problem is that i can plug only one cable into the cmts. (it's not a problem if i must buy some equipment to make it work).
please help me to solve this problem. any good ideas are welcomed.
thank you very much.
-
get a VLAN-capable switch (i personally use the FS726T from netgear http://www.netgear.com/Products/Switches/SmartSwitches/FS726T.aspx?detail=Specifications but there are many others available)
then you add VLANs to your LAN-card.
with my FS726T i can have like this up to 25 "interfaces" in a single slot.
-
OK, thanks, GruensFroeschli!
I configure my LAN as 3 VLANs, and I connect the other end of the cable to the VLAN switch. It uses 1 port. Then I connect the switch to the cmts (1 port). Will I be able to use all the 3 networks on the cmts side?
And second question: is it possible to use one VLAN switch to replace the 4 port switch too? You can see my imagined scheme on the attached picture.
I want to use both the 10.0.0.0/24 and the e.f.g.0/25 network in the blue range on the switch (and of course after the cmts too). The picture illustrates a 16 port switch. (Don't laugh!)
-
sorry i really don't get where you have what network with what range. i only understand the part on your WAN side of pfSense.
i understand that your CMTS only has one network-card.
is your CMTS a bridge that bridged multiple Networks to your pfSense and you want to route them all?
do you have multiple subnets on the cable coming from the CMTS?
what networks do you want on the LAN side of pfSense?
what network should have access to what?
are you using port-based VLANs on your switch?
if i assume correctly that you have multiple subnets on the cable coming from the CMTS you should set it up somewhat like this:
you should use 802.1Q based VLANs.
there are 3 states a port can have:
- not member of VLAN
- member of VLAN and egressing packets tagged
- member of VLAN and egressing packets untagged
port1: connect this port to your pfSense. it should be member of all the VLANs you want to have on the pfSense and it should egress packets tagged. have one VLAN for each subnet you want to route.
port2: connect this port to your CMTS. it should be member of all the VLANs you want to route and set it to egress packets untagged.
if you want to replace your 4port switch just add 4 ports to the same VLAN-ID and set them to egress packets untagged.
now you can setup rules on the pfSense and have a (virtual) Interface for each subnet you have.
but it's generally a bad idea to have multiple subnets on the same physical carrier.
-
the cmts is a bridge between the pfsense box and a workstation through cable modem.
the subnet 10.0.1.0/24 is for the cmts and the cable modems. not accessible by the customers (not accessible by 10.0/24 and e.f.g.0/24) (these are administrative & equipment ips)
subnet 10.0.0.0/24 is for the customers behind the cable modems. this is a firewalled (filtered) range. have access to internet via pfsense
subnet e.f.g.0/24 is not firewalled (allowed all traffic), and is for the customers behind the bridge, who want to have a public ip address. have access to internet via pfsense.
-
ok i think i get the picture.
then my previous post kind of applies to your needs.
but i see one problem. one of your 10.0.0.0/24 customers could just change his IP into an IP of the e.f.g.0/24 subnet and thus gain full access.
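-
The risk raised in the last post, a host from the filtered 10.0.0.0/24 range configuring an address from the unfiltered public subnet, can be watched for on the firewall. The following is an added example, not part of the original thread: it checks ARP entries (laid out like FreeBSD `arp -an` output; the sample lines are constructed) against a hypothetical allowlist of MACs provisioned for public addresses, with 203.0.113.0/24 standing in for the elided e.f.g.0/24.

```python
import ipaddress
import re

# Assumptions: 203.0.113.0/24 is a documentation range standing in for the
# thread's elided e.f.g.0/24; the MAC allowlist and ARP lines are constructed.
FILTERED_NET = ipaddress.ip_network("10.0.0.0/24")
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")
PUBLIC_ALLOWED = {            # MAC -> the one public IP provisioned for it
    "00:11:22:33:44:01": ipaddress.ip_address("203.0.113.10"),
    "00:11:22:33:44:02": ipaddress.ip_address("203.0.113.11"),
}

ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

SAMPLE_ARP = """\
? (10.0.0.21) at 00:aa:bb:cc:dd:21 on em1 expires in 1104 seconds [ethernet]
? (203.0.113.10) at 00:11:22:33:44:01 on em1 expires in 987 seconds [ethernet]
? (203.0.113.77) at 00:aa:bb:cc:dd:21 on em1 expires in 1190 seconds [ethernet]
? (203.0.113.11) at 00:aa:bb:cc:dd:30 on em1 expires in 300 seconds [ethernet]
? (10.0.0.40) at (incomplete) on em1 expired [ethernet]
"""

def parse_arp(text):
    """Yield (ip, mac, ifname) for resolved entries; incomplete ones do not match."""
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            yield ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["ifname"]

def find_violations(text):
    """Return public-subnet IPs held by MACs that are not provisioned for them."""
    entries = list(parse_arp(text))
    filtered_macs = {mac for ip, mac, _ in entries if ip in FILTERED_NET}
    findings = []
    for ip, mac, ifname in entries:
        if ip not in PUBLIC_NET or PUBLIC_ALLOWED.get(mac) == ip:
            continue  # not a public address, or exactly the provisioned pairing
        reason = ("also holds a filtered-range address" if mac in filtered_macs
                  else "not provisioned for this public address")
        findings.append((str(ip), mac, ifname, reason))
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_ARP):
        print("ALERT", *finding)
```

The ARP table only covers hosts that have recently talked to the firewall, so a check like this complements per-interface firewall rules and does not replace them.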