VLAN without NAT
-
At my company we manage internet facilities for shared business buildings. The business building has several units for hire and all are patched to one central place. Most of the business units are already rented out and supplied with an internet connection by us.
Our current infrastructure is built from a fibre WAN ISP, a Cisco 3400, a pfSense C2758 and an HP ProCurve 48-port switch. The Cisco 3400 is connected to the fibre WAN, the pfSense is connected to one of the Cisco 3400 ports and the HP switch is connected to the pfSense C2758. Unmanaged customers are connected to one of the Cisco 3400 ports. The Cisco 3400 switch does traffic shaping for unmanaged customers. On the Cisco 3400 switch we assign an external IP address to one of the ports; a customer uses the IP/subnet/gateway address we give/configure in his own router.
Managed internet customers are connected to the pfSense box. All managed customers use the same external IP address. DHCP/firewalling is of course done by the pfSense box.
We want to upgrade our current ISP contract to a 300 Mbit/s connection (currently 100 Mbit/s). The problem is that the Cisco 3400 can't handle traffic over 100 Mbit/s. The pfSense box does have gigabit ports and can handle the traffic from the ISP. We want to remove the Cisco 3400 and connect the pfSense box directly to the ISP. For the unmanaged customers we want to place a 24-port switch connected to the pfSense box. The question is, how do we set up a VLAN for the new switch with an unmanaged connection (NO NAT)?
Our ISP has given us the exact external IP addresses: three different ranges of IP addresses.
See in the attachment our network design current and new.
-
You should give details about what you get from your ISP and how you want to distribute that. This is a bit vague and leaves much room for speculation.
-
Thanks for your reply!
From our ISP we currently have an internet cable connected into the Cisco 3400.
From the ISP we got three different ranges of external IP addresses. When I connect the ISP cable to my computer and I enter an external address manually in my NIC, I have an internet connection. We already have 20 VLANs set up for managed customers. We want to create new VLANs on the pfSense box for the current unmanaged customers connected to the Cisco 3400. Every new VLAN must have a different external IP address.
Sorry for my English :L
-
Nice description.
And what's not working?
-
Maybe this will help you https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
Unless you tell us what you already did and what is not working it is impossible to give advice.
-
I want to create a virtual IP address 80.234.20.6, allow all incoming traffic and do no NAT, only route directly to WAN. I have tried it with an IP alias, but that is still NAT, isn't it?
-
VIP is more like ARP spoofing. Your interface announces that it is several different IP addresses. Typically you would use a VIP in conjunction with a port forward to allow external users to access internal resources via different IP addresses. I do this here. I have only one WAN and a /28 block. I use virtual IPs to give a unique IP address to my mail server, web server, FTP server, demo systems, DNS, etc etc.
-
@KOM:
VIP is more like ARP spoofing. Your interface announces that it is several different IP addresses. Typically you would use a VIP in conjunction with a port forward to allow external users to access internal resources via different IP addresses. I do this here. I have only one WAN and a /28 block. I use virtual IPs to give a unique IP address to my mail server, web server, FTP server, demo systems, DNS, etc etc.
Hi, thanks for your reply. I understand that process, but isn't it possible to just route, so I can configure the external address on my server? (So pfSense is acting like a switch for that interface?)
-
Okay, found it! I have created an interface bridge between WAN & LAN. I have configured an external IP on my machine and it is working :D
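The thread turns on one distinction: whether an ISP-supplied address sits on the WAN segment itself (then pfSense must bridge the customer VLAN to WAN, as the poster did, or announce the address with a virtual IP as KOM describes) or belongs to a block the ISP routes to the pfSense WAN address (then pfSense just routes it into the VLAN with outbound NAT disabled, no bridge or VIP needed). The script below is an added example, not code from the thread or from pfSense: it classifies each address, refuses the ones that may not be handed out (network, broadcast, ISP gateway, pfSense WAN address, the pfSense VLAN interface of a routed block) and gives every customer VLAN one distinct public address. The blocks, the WAN address and the customer list are constructed assumptions; only 80.234.20.6 comes from the thread.

```python
"""Sanity-check a "one public IP per customer VLAN, no NAT" plan for pfSense.

Added example, not the thread's own configuration. ISP_BLOCKS, WAN_IP and
CUSTOMERS are constructed assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Block:
    """One address range handed out by the ISP.

    isp_gateway set:  the block lives on the WAN segment (the ISP router is
                      the gateway). Giving one of its addresses to a customer
                      VLAN means bridging that VLAN to WAN or answering ARP
                      for the address with a virtual IP on the WAN interface.
    isp_gateway None: the ISP routes the whole block to the pfSense WAN
                      address. pfSense puts the block on the VLAN interface
                      and routes it plainly, with outbound NAT disabled.
    """
    network: ipaddress.IPv4Network
    isp_gateway: Optional[ipaddress.IPv4Address] = None

    @property
    def mode(self) -> str:
        return "on-link" if self.isp_gateway is not None else "routed"


def reserved(block: Block, wan_ip: ipaddress.IPv4Address) -> set:
    """Addresses no customer may take in this block."""
    taken = {block.network.network_address, block.network.broadcast_address}
    if block.isp_gateway is not None:
        taken.add(block.isp_gateway)          # ISP router
    else:
        taken.add(next(block.network.hosts()))  # pfSense VLAN interface, the customers' gateway
    if wan_ip in block.network:
        taken.add(wan_ip)                      # pfSense's own WAN address
    return taken


def usable_hosts(block: Block, wan_ip) -> List[ipaddress.IPv4Address]:
    """Host addresses a customer VLAN may be given from this block."""
    skip = reserved(block, ipaddress.ip_address(wan_ip))
    return [h for h in block.network.hosts() if h not in skip]


def classify(ip, blocks: List[Block], wan_ip) -> str:
    """'on-link' (bridge or VIP needed), 'routed' (plain route, no NAT),
    'reserved' (not for customers) or 'outside' (not an ISP address)."""
    ip = ipaddress.ip_address(ip)
    wan_ip = ipaddress.ip_address(wan_ip)
    for block in blocks:
        if ip not in block.network:
            continue
        if ip in reserved(block, wan_ip):
            return "reserved"
        return block.mode
    return "outside"


def assign(customers: List[Tuple[str, int]], blocks: List[Block], wan_ip) -> Dict[str, dict]:
    """One distinct public address per customer VLAN. Blocks are consumed in
    the order given, so list the block you prefer to hand out first."""
    pool = [(host, block) for block in blocks for host in usable_hosts(block, wan_ip)]
    if len(pool) < len(customers):
        raise ValueError(f"{len(customers)} customers but only {len(pool)} usable addresses")
    plan: Dict[str, dict] = {}
    seen_vlans = set()
    for (name, vlan), (host, block) in zip(customers, pool):
        if vlan in seen_vlans:
            raise ValueError(f"VLAN {vlan} used twice")
        seen_vlans.add(vlan)
        plan[name] = {"vlan": vlan, "ip": str(host), "mode": block.mode, "block": str(block.network)}
    return plan


# Constructed data (assumptions): one block on the WAN segment containing the
# thread's 80.234.20.6, one routed block from TEST-NET-3, three customer VLANs.
ISP_BLOCKS = [
    Block(ipaddress.ip_network("80.234.20.0/29"), ipaddress.ip_address("80.234.20.1")),
    Block(ipaddress.ip_network("203.0.113.0/29")),
]
WAN_IP = "80.234.20.2"
CUSTOMERS = [("unit-A", 101), ("unit-B", 102), ("unit-C", 103)]

if __name__ == "__main__":
    print("80.234.20.6 is", classify("80.234.20.6", ISP_BLOCKS, WAN_IP))
    for name, entry in assign(CUSTOMERS, ISP_BLOCKS, WAN_IP).items():
        print(f"{name}: VLAN {entry['vlan']} -> {entry['ip']} ({entry['mode']}, {entry['block']})")
```

With the assumed data, 80.234.20.6 classifies as on-link, which matches the poster's outcome: the address only works for the customer once the VLAN is bridged to WAN (or announced with a VIP). An address from the routed block would classify as routed and need neither; for that block the pfSense side is the VLAN interface on the first host address, a routed public subnet and an outbound NAT rule set to manual with no entry for that subnet.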