New book: VLANS in pfSense for absolute non-technical noobs
-
Oh, I forgot: the !lan is a very neat trick that has solved some head pains(!), thank you for mentioning it :P
-
So, I interpret that a gateway, 'the way to get out of a LAN', does a sort of NAT.
The gateway on each LAN is just the way out for routing. It does not do any NAT. The routing software in (pfSense/FreeBSD/any router) is happy to route stuff between all the actual subnet addresses that it knows are directly connected. Then it has gateway(s) itself to use to send packets to other IP addresses that it cannot deliver directly.
For stuff from the internal LANs, that has to be sent out to another router (through a gateway that pfSense knows about - your ISP or…) NAT (a different piece of functionality) is usually needed. That happens on the way OUT to the upstream gateway/router. NAT is only needed if the upstream gateway does not know how to route back to your internal LAN/s - which is always the case when your LAN/s is in private IP space and the upstream gateway/router is your ISP on the public internet.are all these functions done by the gateway of the network segment (3.1), or by the 'main' gateway, 2.1?
Yes, by default these network services are listening on each of your LAN-style interfaces. For DHCP, you enable it on each LAN-style interface. DNS and NTP just listen on every interface when they are enabled. So, a client on the "2" network would use 2.1 as the address for all these services - DHCP, DNS, NTP… and a client on the "3" network uses 3.1 and so on.