Netgate Discussion Forum

    Configuration with 1 WAN, 1 LAN, and 3 separate DMZ Interfaces.

      Toz

      I have an existing pfSense installation with a simple static WAN IP and a NAT'ed LAN subnet on an RFC 1918 address scheme (192.168.20.0/24). Any public IPs are 1:1 NAT'ed from the RFC 1918 address to its corresponding public address. We have 62 public addresses with a 26 bit mask, the fourth octet beginning with 64 and ending in 127. I'd like to break the block into 4 subnets with a 28 bit mask and would like a second opinion for my plan as I have a production mail server running and need to have a solid plan before I begin.

      If I assign the WAN interface xxx.xxx.xxx.66/28 my WAN subnet would be from .65 to .79.
      The first DMZ would be .80/28 and the range would be .81-.94 with a broadcast address of .95.
      The second DMZ would be .96/28 and the range would be .97-.110 with a broadcast address of .111.
      The third DMZ would be .112/28 and the range would be .113-.126 with a broadcast address of .127.

      Some background:
      Compaq DL360 G1 1.2 GHz, 1GB RAM with 36GB SCSI-3 RAID1
      Realtek Gigabit NIC for my (WAN)
      2 Embedded Compaq (Intel) Netelligent 100 MBit NICs (LAN and DMZ1)
      Dual Port Intel Gigabit NIC (DMZ 2&3)

      2-Netgear GS108T Gigabit Switches for DMZ 2 & 3.
      2-Dlink 8 Port 100 Mbit switch for LAN and DMZ1.

      Sorry for the novel - TIA.

      Toz

        GruensFroeschli

        What is your question? :)
        If it's doable?

        One thing I learned the hard way when applying changes to an existing network:
        Try not to plan this only in text form.
        Make diagrams.
        Visualize your network: Before -> After

        Define steps between "Before" and "After" between which you can make tests if the changes are working.
        If you have hardware running live during the changes: have a backup plan for your hardware that should stay reachable if the changes should go wrong and you need to revert the changes.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Toz

          Thanks for the reply. My question is: will this work - with the subnetting in particular? If I have a 26 bit range of IP addresses assigned by my provider, can I just create 5 networks out of that space by increasing the subnet to 28 bit without any additional configuration changes?

          -Toz
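
Added example, not part of the thread or any poster's code: a Python check of the /28 plan from the first post, using the standard `ipaddress` module. `203.0.113.64/26` is a documentation prefix standing in for the masked xxx.xxx.xxx block, and the DMZ interface addresses (.81, .97, .113) are assumptions, since the post gives only the subnets.

```python
import ipaddress

def split_block(parent, new_prefix):
    """Return every subnet of the given prefix length inside the parent block."""
    block = ipaddress.ip_network(parent)
    return [str(n) for n in block.subnets(new_prefix=new_prefix)]

def check_plan(parent, assignments):
    """Validate interface addresses carved out of one parent block.

    assignments maps an interface name to "address/prefix".
    Returns (rows, problems); each row is
    (name, network, first_host, last_host, broadcast).
    """
    block = ipaddress.ip_network(parent)
    rows, problems, seen = [], [], []
    for name, cidr in assignments.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if not net.subnet_of(block):
            problems.append(f"{name}: {net} is outside {block}")
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host in {net}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
        hosts = list(net.hosts())
        rows.append((name, str(net), str(hosts[0]), str(hosts[-1]),
                     str(net.broadcast_address)))
    return rows, problems

# Constructed sample: documentation prefix in place of the real public block.
PARENT = "203.0.113.64/26"
PLAN = {
    "WAN": "203.0.113.66/28",    # address given in the post
    "DMZ1": "203.0.113.81/28",   # assumed: first usable host of .80/28
    "DMZ2": "203.0.113.97/28",   # assumed: first usable host of .96/28
    "DMZ3": "203.0.113.113/28",  # assumed: first usable host of .112/28
}

if __name__ == "__main__":
    print("Available /28 networks:", split_block(PARENT, 28))
    rows, problems = check_plan(PARENT, PLAN)
    for name, net, first, last, bcast in rows:
        print(f"{name:5} {net:18} hosts {first} - {last}  broadcast {bcast}")
    for p in problems:
        print("PROBLEM:", p)
```

The check covers address arithmetic only; how the provider delivers the /26 to the WAN interface is outside what it can verify.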

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.