WAN Public /24 LAN Public /24 LAN NATed private /16 172.16.xxx.xxx ?

pmcnary

I posted here in NAT and not in ROUTING. I didn't know which was the right place!

I Have the following:

1. WAN /30 to ISP WAN
2. Public /24
3. Public /24 LAN
4. NATed private /16 172.16.xxx.xxx

pfSense 2.x
Currently I have 1 and 4 working fine.
NATed with port forwarding rules to individual machines on LAN side

What I would like to do is 2&3) pass my public Class C /24 to the LAN side and
still keep 4) 172.16.xxx.xxx network protected from the outside world.
Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
Or can I leave the firewall on but set to allow all and block by rule?

I have been reading for several months and haven't found an answer that seems to fit.
Maybe I just need a slap up side the head to make it sink in.

Thanks

SeventhSon

@pmcnary:

Do I just turn NATing and firewalling off since 172.16.xxx.xxx shouldn't route past my ISP's /30?
Or can I leave the firewall on but set to allow all and block by rule?

There is two different ways you can set this up:

• with 1-on-1 NAT: mapping 1 external address (or /24 range in your case) to an internal one
• Routing, so you need some firewall rules allowing that traffic in, and Advanced Outbound NAT, set to not NAT that subnet going out.

pmcnary

Thanks for the solutions!