Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Question about multible WAN and LAN.

    General pfSense Questions
    2
    3
    784
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shade last edited by

      Hello,

      Can pfsense handle the following setup:

      Interfaces:

      • WAN1 (Internet)
      • WAN2 (Closed "Internet")
      • DMZ
      • LAN1 (Normal users)
      • LAN2 (Users that need services on the closed "internet")

      Routning:

      • All trafic from LAN1 are handled by WAN1.
      • All frafic from LAN2 are handled by WAN2.
      • All trafic from DMZ are handled by WAN1.

      NAT:

      • All servers from DMZ have static NAT with a IP from WAN1.
      • All computers from LAN1 have dynamic NAT to one IP from WAN1.
      • One server from LAN1 have static NAT with a IP from WAN1.
      • All computers from LAN2 have dynamic NAT to one IP from WAN2.
      • Server from LAN2 have static NAT with a IP from WAN2.

      Thanks for your input.

      /Lars

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        Yes, all those things look possible. That will use policy-routing to direct traffic to the required WAN, manual outbound NAT (and it might even be that automatic outbound NAT will do a bit broader thing than you want, but that will be fine because your firewall pass rules will only allow a cut-down set of traffic to particular WANs anyway), 1:1 NAT for servers. I don't think you will even need to define static routes for the networks available out WAN2 - the policy-routing rules should send it that way without the help of static routes.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          shade last edited by

          Great, thanks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy