VLAN static ip address passthrough
-
I have a block of 5 static ip's, D-Link DGS-1100 managed switch, and Pfsense running 2.1.
DSL modem –> Pfsense --> managed switch (vlan) --> server
I need to go beyond a basic vlan setup and assign one of the static ip's to a server assigned to a vlan port on the switch.
Can I assign an ip from the internal range (10.0.xx.xx), to port 1 to manage the switch?
Then, is it possible to pass one of the static ip's to the server on a vlan set up on port 2?
I don't want to use CARP.
-
Perhaps you could edit your post and remove the white spaces.
I don't think I understand what you mean by assign it to a VLAN. You don't have to use CARP, you can use IP Alias. Create the IP Alias on the WAN interface, then use a 1:1 or port forward NAT to translate the external IP to an internal IP.This is documented well if you can to search the docs and forums.
-
Sorry about the white space. Deleted.
I know how to do a port forward NAT or 1:1.
Let's forget about the vlan for now. Just want to know if pfsense can pass through a block of static ip's?
-
I can route, yes.
-
How would I set that up?
-
Setup VLAN on an interface (or have a dedicated intrface and have the VLAN setup on the switch, your choice). Setup of a VLAN is documented at docs.pfsense.org.
Go to interface, enable the VLAN, and setup IP address, do not set a gateway.
go to rules, add a rule to allow internet traffic. I would setup an alias that has all private IPs in there (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and allow traffic NOT going to these destinations. This will effectively block traffic to any but the internet. You can put allow rules above that rule to allow specific things through.
If you are using automatic outbound NAT, your done. If you are using manual, then you need to add a rule for the subnet you set to use WAN address (or some other external) for translation.
Done. -
Thanks, I will try that and report back.
-
I got the same question. I Go to interface, enable the VLAN in my S5700-52C-EI, and setup IP address, do not set a gateway.How would I do next.Have you already solved this problem?
-
Just go to interfaces and enable the new interface that was created after you assigned the VLAN. Then add firewall rules and NAT rules (if using manual).