WAN Public /24 LAN Public /24 LAN NATed private /16 172.16.xxx.xxx ?



  • I posted here in NAT and not in ROUTING. I didn't know which was the right place!

    I have the following:

    1. WAN /30 to ISP WAN
    2. Public /24
    3. Public /24 LAN
    4. NATed private /16 172.16.xxx.xxx

    pfSense 2.x
    Currently I have 1 and 4 working fine.
    NATed with port forwarding rules to individual machines on LAN side

    What I would like to do is 2&3) pass my public Class C /24 to the LAN side and
    still keep 4) 172.16.xxx.xxx network protected from the outside world.
    Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
    Or can I leave the firewall on but set to allow all and block by rule?

    I have been reading for several months and haven't found an answer that seems to fit.
    Maybe I just need a slap upside the head to make it sink in.

    Thanks



  • @pmcnary:

    Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
    Or can I leave the firewall on but set to allow all and block by rule?

    There are two different ways you can set this up:

    • with 1-on-1 NAT: mapping 1 external address (or /24 range in your case) to an internal one
    • Routing, so you need some firewall rules allowing that traffic in, and Advanced Outbound NAT, set to not NAT that subnet going out.
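The two options above, as an added pf.conf-style illustration that is not the ruleset pfSense generates (in the pfSense 2.x GUI the equivalents live under Firewall > NAT > 1:1 and Firewall > NAT > Outbound with manual/advanced outbound NAT). Interface names, the 203.0.113.0/24 public block and the host 172.16.1.10 are placeholders; it assumes the ISP routes the public /24 to the WAN /30 address.

```pf
# Assumed interface names and a documentation-range placeholder for the public /24
wan_if      = "em0"
lan_if      = "em1"
public_lan  = "203.0.113.0/24"   # placeholder: the routed public /24
private_lan = "172.16.0.0/16"    # the NATed private network from the thread

# --- Translation rules (pf requires these before the filter rules) ---

# Option B (routing): only the private /16 is source-NATed on the way out.
# Traffic from the public /24 matches no nat rule and is simply routed.
nat on $wan_if from $private_lan to any -> ($wan_if)

# Existing port forwards to private machines keep working alongside routing
rdr on $wan_if proto tcp from any to ($wan_if) port 2222 -> 172.16.1.10 port 22

# Option A (1:1 NAT) would instead map a public range onto a private one, e.g.
# binat on $wan_if from 172.16.1.0/24 to any -> 203.0.113.0/24

# --- Filter rules: firewall stays on, default deny, allow by rule ---
block in log all

# Public hosts are reachable from the Internet only on the services you choose
pass in on $wan_if proto tcp from any to $public_lan port { 80 443 } keep state

# The private /16 is reachable from outside only via the explicit forward above
pass in on $wan_if proto tcp from any to 172.16.1.10 port 22 keep state

# Both internal networks may initiate outbound; replies return via state
pass in on $lan_if from { $public_lan, $private_lan } to any keep state
pass out on $wan_if keep state
```

The point for the asker's question: with routing the public /24 hosts are directly exposed, so the firewall stays on with default deny and the private /16 is protected by the absence of any pass rule to it, not by NAT.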


  • Thanks for the solutions!

