Configuration with 1 WAN, 1 LAN, and 3 separate DMZ Interfaces.
-
I have an existing pfSense installation with a simple static WAN IP and a NAT'ed LAN subnet on an RFC 1918 address scheme (192.168.20.0/24). Any public IPs are 1:1 NAT'ed from the RFC 1918 address to its corresponding public address. We have 62 public addresses with a 26 bit mask, the fourth octet beginning with 64 and ending in 127. I'd like to break the block into 4 subnets with a 28 bit mask and would like a second opinion for my plan as I have a production mail server running and need to have a solid plan before I begin.
If I assign the WAN interface xxx.xxx.xxx.66/28 my WAN subnet would be from .65 to .79.
The first DMZ would be .80/28 and the range would be .81-.94 with a broadcast address of .95.
The second DMZ would be .96/28 and the range would be .97-.110 with a broadcast address of .111.
The third DMZ would be .112/28 and the range would be .113-.126 with a broadcast address of .127.
Some background:
Compaq DL360 G1 1.2 GHz, 1GB RAM with 36GB SCSI-3 RAID1
Realtek Gigabit NIC for my (WAN)
2 Embedded Compaq (Intel) Netelligent 100 MBit NICs (LAN and DMZ1)
Dual Port Intel Gigabit NIC (DMZ 2&3)
2-Netgear GS108T Gigabit Switches for DMZ 2 & 3.
2-Dlink 8 Port 100 Mbit switch for LAN and DMZ1.
Sorry for the novel - TIA.
Toz
-
What is your question? :)
If it's doable?
One thing I learned the hard way when applying changes to an existing network:
Try not to plan this only in text form.
Make diagrams.
Visualize your network: Before –> After
Define steps between "Before" and "After" between which you can make tests if the changes are working.
If you have Hardware running live during the changes: have a backup-plan for your hardware that should stay reachable if the changes should go wrong and you need to revert the changes.
-
Thanks for the reply. My question is will this work - with the subnetting in particular. If I have a 26 bit range of IP addresses assigned by my provider, can I just create 5 networks out of that space by increasing the subnet to 28 bit without any additional configuration changes?
-Toz
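
One way to check the /28 plan from the first post on paper before changing a production firewall, as an added example that is not part of the original thread. It uses Python's `ipaddress` module, and the 203.0.113.64/26 block is a constructed stand-in for the masked public range.

```python
import ipaddress

# Constructed stand-in for the provider block: the thread masks the first
# three octets, so the documentation range 203.0.113.0/24 is assumed here.
PARENT = ipaddress.ip_network("203.0.113.64/26")

# Interface plan as written in the first post (fourth octets from the thread).
PLAN = {
    "WAN": "203.0.113.66/28",
    "DMZ1": "203.0.113.80/28",
    "DMZ2": "203.0.113.96/28",
    "DMZ3": "203.0.113.112/28",
}

def describe(cidr):
    """Network, first/last usable host and broadcast for an address/prefix."""
    net = ipaddress.ip_interface(cidr).network
    hosts = list(net.hosts())
    return {"network": net, "first": hosts[0], "last": hosts[-1],
            "broadcast": net.broadcast_address}

def check_plan(parent, plan):
    """List problems: subnets outside the parent block or overlapping each other."""
    nets = {name: ipaddress.ip_interface(c).network for name, c in plan.items()}
    problems = [f"{name}: {net} is outside {parent}"
                for name, net in nets.items() if not net.subnet_of(parent)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

if __name__ == "__main__":
    for name, cidr in PLAN.items():
        d = describe(cidr)
        print(f"{name:5} {str(d['network']):18} hosts {d['first']} - {d['last']}"
              f"  broadcast {d['broadcast']}")
    for problem in check_plan(PARENT, PLAN) or ["no overlaps, all inside parent"]:
        print(problem)
```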