DMZ and LAN on same physical network to segregate a VOIP device

  • Hello,

    I am now running a virtualized pfsense machine (on Proxmox VE 3.2) and there are 3 NIC assigned to the VM, WAN, LAN and a DMZ NIC.

    Right now, everything is working fine:

    -pfsense talks to my cable modem, gets an IP from my ISP
    -LAN clients (physical devices) get an IP from the pfsense VM
    -other VM's are getting an IP from pfsense

    But my VOIP device (Grandstream ATA) being so flaky and unstable constantly loses connectivity and has all kind of problems with being connected AFTER a router (this device is supposedly designed to be installed BETWEEN a modem and a router).

    As a result, I would like to connect the ATA to a DMZ NIC so the only thing pfsense would do is assign an IP and that would be it.  nothing else…  Straight connection to the outside, no firewalling whatsoever...

    The issue I have is that the ATA is physically located in a room where the only network connection available is from a switch connected to the LAN port.  So my question is, can I connect the ATA on my lan, connect the DMZ NIC on my LAN, and have the ATA go through the DMZ port?  See atached picture.  Please note, my switches are not VLAN capable (cheap 8 ports Dlink switches).

    The simplest solution would be to directly connect the ATA to the DMZ port on the proxmox server, but there's no phone wiring where the server is located!!!

    If this is possible, then I will ask how to implement such thing in pfsense...


