4. Configuration with 1 WAN, 1 LAN, and 3 seperate DMZ Interfaces.

Configuration with 1 WAN, 1 LAN, and 3 seperate DMZ Interfaces.

  • T

    I have an existing pfSense installation with a simple static WAN IP and a NAT'ed LAN subnet on an RFC 1918 address scheme (192.168.20.0/24). Any public IP's are 1:1 NAT'ed from the RFC 1918 address to it's corresponding public address. We have 62 public addresses with a 26 bit mask, the fourth octet beginning with 64 and ending in 127. I'd like to break the block into 4 subnets with a 28 bit mask and would like a second opinion for my plan as I have a production mail server running and need to have a solid plan before I begin.

    If I assign the WAN interface xxx.xxx.xxx.66/28 my WAN subnet would be from .65 to .79.
    The first DMZ would be .80/28 and the range would be .81-.94 with a broadcast address of .95.
    The second DMZ would be .96/28 and the range would be .97-.110 with a broadcast address of .111.
    The third DMZ would be .112/28 and the range would be .113-.126 with a broadcast address of .127.

    Some background:
    Compaq DL360 G1 1.2 GHZ, 1GB RAM with 36GB SCSI-3 RAID1
    Realtek Gigabit NIC for my (WAN)
    2 Embedded Compaq (Intel) Netelligent 100 MBit NIC's (LAN and DMZ1)
    Dual Port Intel Gigabit NIC (DMZ 2&3)

    2-Netgear GS108T Gigabit Switches for DMZ 2 & 3.
    2-Dlink 8 Port 100 Mbit switch for LAN and DMZ1.

    Sorry for the novel - TIA.

    Toz

    0

  • What is your question? :)
    If it's doable?

    One thing i learned the hard way when applying changes to an existing network:
    Try not to plan this only in text form.
    Make diagramms.
    Visualize your network: Before –> After

    Define steps between "Before" and "After" between which you can make tests if the changes are working.
    If you have Hardware running live during the changes: have a backup-plan for your hardware that should stay reachable if the changes should go wrong and you need to revert the changes.

    0
  • T

    Thanks for the reply. My question is will this work - with the subnetting in particular. If I have a 26 bit range if IP addresses assigned by my provider. Can I just create 5 networks out of that space by increasing the subnet to 28 bit without any additional configuration changes?

    -Toz

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy