PfSense newbie: T1 > Cisco 1721 > pfSense > … multiple public IP addresses?

  • OK, pfSense newbie here… small office is getting a T1 line, either 8 or 6 public IP addresses will be available. Comes in over a managed Cisco 1721 router from AT&T.

    3 machines within the LAN need to be accessible to the outside world via those public IP addresses (serving HTTP/SSH/VoIP). The other 20 or so machines just need to be able to access the internet (NAT is fine I guess?).

    1. Can pfSense do this? Basically it's just utilizing multiple public WAN IP addresses and forwarding them to a specific LAN address.
    2. Is the the right way to do things? Is there a better way to set things up?
    3. If pfSense can do #1, can I also choose to only allow certain ports (only open up port 80 to the outside world?)
    4. One of these machines is an Asterisk VoIP box... can I QoS that box to give it priority to the T1 connection?
    5. Is a P3 1ghz, 128mb of RAM enough to handle the traffic over a T1?

    • Thanks!

  • 1: yes
    2: create VIP's for each public IP you have. Use the VIP's in your port forwardings.
    3: NAT and firewall are separate. You create them independant –> yes
    4: Take a look at the Traffic Shaper Forum. I'm not sure if you can shape multiple different IP's. Maybe the new shaper can do that.
    5: That should be adequat.

  • 128 MB of RAM is the minimum supported.  If you ever plan on adding any packages you'll want to add more RAM.

Log in to reply