Question about multiple WAN and LAN.



  • Hello,

    Can pfSense handle the following setup:

    Interfaces:

    • WAN1 (Internet)
    • WAN2 (Closed "Internet")
    • DMZ
    • LAN1 (Normal users)
    • LAN2 (Users that need services on the closed "internet")

    Routing:

    • All traffic from LAN1 is handled by WAN1.
    • All traffic from LAN2 is handled by WAN2.
    • All traffic from DMZ is handled by WAN1.

    NAT:

    • All servers from DMZ have static NAT with an IP from WAN1.
    • All computers from LAN1 have dynamic NAT to one IP from WAN1.
    • One server from LAN1 has static NAT with an IP from WAN1.
    • All computers from LAN2 have dynamic NAT to one IP from WAN2.
    • Server from LAN2 has static NAT with an IP from WAN2.

    Thanks for your input.

    /Lars



  • Yes, all those things look possible. That will use policy-routing to direct traffic to the required WAN, manual outbound NAT (and it might even be that automatic outbound NAT will do a bit broader thing than you want, but that will be fine because your firewall pass rules will only allow a cut-down set of traffic to particular WANs anyway), 1:1 NAT for servers. I don't think you will even need to define static routes for the networks available out WAN2 - the policy-routing rules should send it that way without the help of static routes.



  • Great, thanks.
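
The layout discussed in this thread, written out as a hand-made pf ruleset sketch (an added example, not taken from any poster and not output generated by pfSense, where the same rules are built in the GUI). Interface names, gateways and every address are constructed placeholders; excluding local networks from the policy-routing rules is an assumption added so that locally destined traffic is not forced out a WAN gateway.

```pf
# Constructed sketch: all names and addresses below are placeholders.
wan1_if = "em0"            # WAN1, Internet
wan2_if = "em1"            # WAN2, closed "Internet"
dmz_if  = "em2"
lan1_if = "em3"            # normal users
lan2_if = "em4"            # users of the closed network

wan1_gw = "198.51.100.1"
wan2_gw = "203.0.113.1"

dmz_net  = "10.0.0.0/24"
lan1_net = "10.0.1.0/24"
lan2_net = "10.0.2.0/24"

table <local> const { $dmz_net, $lan1_net, $lan2_net }

# 1:1 NAT for servers (binat rules are evaluated before nat rules)
binat on $wan1_if from 10.0.0.10 to any -> 198.51.100.10   # DMZ server
binat on $wan1_if from 10.0.1.10 to any -> 198.51.100.20   # LAN1 server
binat on $wan2_if from 10.0.2.10 to any -> 203.0.113.20    # LAN2 server

# Manual outbound NAT: each LAN is translated only on its own WAN.
# Automatic outbound NAT would also translate LAN2 on WAN1 and LAN1 on
# WAN2; the pass rules below are what actually keep traffic apart.
nat on $wan1_if from $lan1_net to any -> 198.51.100.2
nat on $wan2_if from $lan2_net to any -> 203.0.113.2

# Default deny, so only the policy-routed flows below leave the box.
block log all

# Policy routing: the ingress interface decides the egress WAN.
# No static routes for networks behind WAN2 are needed for this.
pass in quick on $lan1_if route-to ($wan1_if $wan1_gw) \
    from $lan1_net to ! <local> keep state
pass in quick on $lan2_if route-to ($wan2_if $wan2_gw) \
    from $lan2_net to ! <local> keep state
pass in quick on $dmz_if  route-to ($wan1_if $wan1_gw) \
    from $dmz_net  to ! <local> keep state

pass out quick on $wan1_if keep state
pass out quick on $wan2_if keep state
```

Inbound access to the 1:1-mapped servers still needs explicit `pass in` rules on the WAN interfaces for whatever services they publish, and `pfctl -nf <file>` parses a ruleset without loading it.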