WAN Public /24 LAN Public /24 LAN NATed private /16 172.16.xxx.xxx ?
-
I posted here in NAT and not in ROUTING. I didn't know which was the right place!
I have the following:
1) WAN /30 to ISP WAN
2) Public /24
3) Public /24 LAN
4) NATed private /16 172.16.xxx.xxx
pfSense 2.x
Currently I have 1 and 4 working fine.
NATed with port forwarding rules to individual machines on LAN side.
What I would like to do is 2&3) pass my public Class C /24 to the LAN side and
still keep 4) 172.16.xxx.xxx network protected from the outside world.
Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
Or can I leave the firewall on but set to allow all and block by rule?
I have been reading for several months and haven't found an answer that seems to fit.
Maybe I just need a slap upside the head to make it sink in.
Thanks
-
> Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
> Or can I leave the firewall on but set to allow all and block by rule?

There are two different ways you can set this up:
- with 1-on-1 NAT: mapping 1 external address (or /24 range in your case) to an internal one
- Routing, so you need some firewall rules allowing that traffic in, and Advanced Outbound NAT, set to not NAT that subnet going out.
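
The routed option from the reply above, sketched in raw pf syntax as an added example; it is not part of the original posts and not the ruleset pfSense generates from its GUI. The interface names, the documentation range 203.0.113.0/24 standing in for the public /24, a separate interface for each LAN network, and the web server at 203.0.113.10 are all assumptions.

```conf
# Constructed example values (assumptions, not from the thread)
ext_if   = "em0"              # WAN, the /30 link to the ISP
pub_if   = "em1"              # LAN segment carrying the public /24
priv_if  = "em2"              # LAN segment carrying the private /16
pub_net  = "203.0.113.0/24"   # placeholder for the routed public /24
priv_net = "172.16.0.0/16"
web_srv  = "203.0.113.10"     # hypothetical host on the public /24

# --- Translation (first matching rule wins) ---
# The public /24 leaves untranslated. This only works if the ISP
# routes that /24 to the firewall's address on the /30.
no nat on $ext_if from $pub_net to any
# The private /16 is still hidden behind the WAN address.
nat on $ext_if from $priv_net to any -> ($ext_if)

# 1:1 alternative from the reply: map a private /24 onto the public /24
# instead of routing it (use in place of the "no nat" rule above).
# binat on $ext_if from 172.16.1.0/24 to any -> 203.0.113.0/24

# --- Filtering (last matching rule wins unless "quick") ---
# The firewall stays on: default deny inbound on WAN, then allow by rule.
block in log on $ext_if all
# Drop anything arriving on WAN that claims a private source address.
block in quick on $ext_if inet from $priv_net to any
# Publish only the services that should be reachable on the public /24.
pass in on $ext_if inet proto tcp from any to $web_srv port { 80, 443 }

# Outbound traffic from both LAN segments.
pass in on $pub_if  inet from $pub_net  to any
pass in on $priv_if inet from $priv_net to any
```

Because inbound WAN traffic is denied by default, the 172.16.0.0/16 hosts stay unreachable from outside even though the public /24 is routed without NAT.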
-
Thanks for the solutions!