Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Question about multible WAN and LAN.

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shade
      last edited by

      Hello,

      Can pfsense handle the following setup:

      Interfaces:

      • WAN1 (Internet)
      • WAN2 (Closed "Internet")
      • DMZ
      • LAN1 (Normal users)
      • LAN2 (Users that need services on the closed "internet")

      Routning:

      • All trafic from LAN1 are handled by WAN1.
      • All frafic from LAN2 are handled by WAN2.
      • All trafic from DMZ are handled by WAN1.

      NAT:

      • All servers from DMZ have static NAT with a IP from WAN1.
      • All computers from LAN1 have dynamic NAT to one IP from WAN1.
      • One server from LAN1 have static NAT with a IP from WAN1.
      • All computers from LAN2 have dynamic NAT to one IP from WAN2.
      • Server from LAN2 have static NAT with a IP from WAN2.

      Thanks for your input.

      /Lars

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Yes, all those things look possible. That will use policy-routing to direct traffic to the required WAN, manual outbound NAT (and it might even be that automatic outbound NAT will do a bit broader thing than you want, but that will be fine because your firewall pass rules will only allow a cut-down set of traffic to particular WANs anyway), 1:1 NAT for servers. I don't think you will even need to define static routes for the networks available out WAN2 - the policy-routing rules should send it that way without the help of static routes.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          shade
          last edited by

          Great, thanks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.