Router - pfsense - servers

marin

Hi,

What is the proper configuration to assigned real ips to http and mail server with the following structure ?

(wan: 80.250.252.28) Zyxel router (10.1.3.1) <–->(10.1.3.2) pfsense (lan: 10.1.2.1) <--->(lan:10.1.2.224) http (Real IP:80.250.31.224)
                                                                                                                    <--->(lan:10.1.2.225) mail (Real IP:80.250.31.225)

Also, for some applications I can not change the router to bridge mode.

GruensFroeschli

Unless you can set the router into bridge-mode, is this not a pfSense question, but a zyxel-router question.

marin

I just mentioned that I can not set the router to bridge mode. The question is about the proper settings for the above structure  ?

GruensFroeschli

And like i said: unless you can set the router into bridge mode, is this not a pfSense problem.

You need to configure your zyxel router so it accepts traffic for your real IP's 80.250.31.224 and 80.250.31.225 and forwards it to pfSense.

IF you can configure it so it does that…..
If you can achieve that (to my knowledge no zyxel router is capable of doing that) you could create 2 VIP's in the 10.1.3.x subnet (one for each server) and 1:1 NAT them to your server and redirect the traffic from your zyxel router to these VIP's.

zipeee

Since your router can't do DHCP spoofing/Half-Bridge mode, I'd change the router's LAN IP to 192.168.0.1/24 and make the Pfsense Wan Interface 192.168.0.2/24.  Then set the DMZ on the router to route all traffic to the pfsense wan interface.  It's not pretty, but I have to use this solution; and I haven't had any problems with the double NAT translation–even with SIP (Voip) which is a pain when it comes to NAT.