Netgate Discussion Forum

    General Questions

    NAT
      bkana

      If I'm posting this in the wrong section, please let me know.

      I'm getting ready to pull the plug on my Cisco ASA5505 and replace it with pfsense. My ASA is solid but I feel its performance is degrading. I have some general questions concerning pfsense and have provided screenshots of my setup. Could someone give these a look over and tell me if anything is out of place or set up incorrectly? I have a simple network with LAN being 192.168.0.0. I have 12 public IPs given to me by my ISP and an upstream Cisco 2900 router in-house. The gateway on the router is 2XX.XX.XX.1 and I have set up 2XX.XX.XX.2 as the WAN interface on the pfsense with 2XX.XX.XX.1 as the gateway (see screenshots).

      I understand that creating Virtual IPs in pfsense binds your Public IP addresses to your WAN interface so they can be used to present themselves, in the example of outbound SMTP, where some need to have their outgoing email coming from a certain Public IP address. I have done just that for my SMTP server, but I have only set up one (of my 12) as a Virtual IP.

      1. Should I create VIPs for all my public IPs? Or just the ones that need to be presented to the outside world?

      2. Also, is it a requirement to use AON (Manual Outbound NAT) to present my outgoing SMTP server on a public IP other than the WAN IP of pfsense? From what I have read, this is the way to go.

      3. On the General Setup screen I added my internal DNS servers, as these have forwarders to my ISP's DNS servers. Obviously, all the LAN clients use these as DNS. Is this correct?

      4. Since I'm already doing port forwarding for SMTP, do I need to specify port 25 anywhere on the Manual Outbound rule I set up for Outgoing SMTP?

      Gen_Setup.JPG
      WAN_Interface.PNG
      NAT_Port_Forward.PNG
      Firewall_LAN_Rules.PNG
      Firewall_WAN_Rules.PNG
      Manual_Outbound_AON.PNG

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.