Scenario question



  • I wasn't sure where to put this since accomplishing this would seem to require more than one area.  Nevertheless, my goal is to achieve a viable traffic shaping scenario, so I'm posting here.

    Here's what we currently have.

    A switch connected to our main T1 line.  This switch then connects to:

    • three servers with their own public IP addresses.
    • pfSense with its own WAN public IP, which supplies our LAN and forwards a few ports to a specific machine inside the LAN.

    So, we have 4 public IPs, one for pfSense, and three for servers outside pfSense.

    The problem with this is that Traffic Shaping can't work, since the three servers are outside and upload/download rates inside the LAN depend on the load of these servers.

    Unfortunately, I know just about enough about routing, etc., to be dangerous, so I'm hoping some of the veterans here can help me out.

    What I want to accomplish is this:

    The three servers live behind the firewall on a single port with a switch on it.  Using some technique my noob brain doesn't know about (static routes?), pfSense routes packets intended for the three servers to the three servers in the DMZ?  How can I get all four IPs to be routed on the single pfSense port, one to the LAN and three to the proper servers in the DMZ?  Ah, this is all a bit too weird for me to grok.

    Thanks very much for your help.

    –Steven



  • You set up VIPs (Virtual IPs).

    Check out "Firewall" –> "Virtual IPs"
    IMHO, best is if you just use CARP-type VIPs even if you don't use the CARP functionality.

    I assume you have a firewall-computer with 2 ports:
    WAN and LAN.

    Now just create 3 VIPs (plus the "real" IP on the interface itself) and create a 1:1 NAT for every server if you need it, or just forward the ports you need to your Servers.

    This way, your servers and clients are within the same subnet. Is this what you want?
    Or do you have 3 Interfaces and on one all your servers?
    Then the Traffic Shaper is of no use since it (currently) only runs between 2 Interfaces.
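
    To make the reply's suggestion concrete, here is an added pf.conf fragment (not from the thread and not pfSense's generated ruleset; pfSense writes these rules for you from the "Virtual IPs" and "NAT" pages) showing the three server VIPs on the WAN side, a 1:1 NAT for two of them, a plain port forward for the third, and a default-deny filter so each server only receives the ports it actually serves. Interface names and all addresses are assumptions constructed from documentation ranges.

```pf
# Assumed interface names: em0 is the WAN (T1) side, em1 is the single
# inside port with the switch, LAN clients and servers behind it.
ext_if = "em0"
int_if = "em1"

# Public side: the firewall's own WAN address plus three Virtual IPs.
# In pfSense these three are the CARP- or alias-type VIPs on the WAN
# interface; pf then only needs the translation rules below.
fw_pub   = "203.0.113.10"   # pfSense's own WAN address (constructed)
web_pub  = "203.0.113.11"   # VIP for server 1 (constructed)
mail_pub = "203.0.113.12"   # VIP for server 2 (constructed)
db_pub   = "203.0.113.13"   # VIP for server 3 (constructed)

# Inside: servers and clients share one subnet behind em1 (constructed)
lan_net   = "192.168.1.0/24"
web_priv  = "192.168.1.11"
mail_priv = "192.168.1.12"
db_priv   = "192.168.1.13"

# 1:1 NAT ("binat"): every packet from web_priv leaves as web_pub and
# every packet arriving for web_pub is rewritten to web_priv. binat is
# evaluated before the generic nat rule, so the servers never get
# masqueraded behind the firewall's own address.
binat on $ext_if from $web_priv to any -> $web_pub
binat on $ext_if from $db_priv  to any -> $db_pub

# Port-forward alternative for the mail server: only TCP/25 is mapped,
# so the server has no inbound exposure on its VIP beyond that port.
rdr on $ext_if proto tcp from any to $mail_pub port 25 -> $mail_priv port 25

# Ordinary LAN clients (and the mail server's outbound traffic) share
# the firewall's own public address.
nat on $ext_if from $lan_net to any -> $fw_pub

# Filtering happens after translation, so inbound rules match on the
# private addresses. Default deny, then only the services each host runs.
block in log on $ext_if all
pass in on $ext_if proto tcp from any to $web_priv  port { 80, 443 } keep state
pass in on $ext_if proto tcp from any to $mail_priv port 25 keep state
# db server: reachable on its VIP only for the outbound sessions it
# opens itself; nothing inbound from the Internet is allowed.
pass out on $ext_if from $lan_net to any keep state
```

    The point of the 1:1 mapping is that a server keeps a stable public identity (its VIP) while sitting on the same inside segment as the clients, which is what lets the shaper see all of the T1's traffic on one WAN/LAN pair; the filter rules are what keep the VIPs from turning into open doors, since a binat by itself passes every port through to the inside host.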

