    Pf Beginner requesting help

    General pfSense Questions
    • D
      digimedia last edited by

      I wasn't sure whether this topic would go under NAT, CARP, or MultiWAN, so here it goes. I have gone through countless pages and endless searching and, not that I haven't seen a solution through searching, I somewhat don't understand it due to different setups etc. I am hoping this will be trivial for the experts out there, so please advise this noob on how to set this up correctly.

      At present I have:
      1 /32 IP by ISP
      block of 4 on /30 also provided by ISP.

      I am currently running an ADSL modem in full-bridge mode and the pfSense box is handling the authentication via PPPoE. I have gone through several posts, and I am somewhat confused by the interchangeable terms like 'using VLAN, Virtual IPs, CARP as opposed to ProxyARP, and 1:1'. Could somebody out there possibly provide me with some light as to how I could get these additional IPs operational?

      Any help is much appreciated.

      Cheers.

      • S
        sai last edited by

        Probably best if you put up a network diagram of what you are trying to implement. Include the IP addresses, masks and gateway of everything.

        • D
          digimedia last edited by

          Thank you for your reply Sai,

          I roughly sketched up what I want to achieve out of the network, but if you have any suggestions that may improve this (because I think this design is very flawed), let me know. What I have done so far is I've managed to map the /30 IPs by creating VLANs. What I want to do now is to be able to map those /30s to communicate with my /24 machines. I'm not sure if that's feasible or not for a /30 to point to a /24. I'm confused as to how I should approach this. Please provide me with some guidance.

          Thanks in advance.


          • S
            sai last edited by

            You don't need VLANs. http://en.wikipedia.org/wiki/VLAN

            If you want to map your REAL IP addresses (on the /30) to your private IP addresses (on the /24) then you need NAT.

            So, if anyone on the internet tries to access your real IP he gets through to your server with a private IP?

            Let's say that you have a.b.c.d as your WAN address. You want this to NAT to your mail server on 192.168.1.66, so that when someone sends mail to you the mail server can handle it.

            Firewall: NAT: Port Forward
            add a rule
            Interface: WAN
            External address: Interface address (if you want to add more IP addresses here you need to do this under Proxy ARP in the Firewall: Virtual IP Address menu)
            External port range: the range of ports on the incoming packets (for mail that would be port 25 to port 25)
            NAT IP:  192.168.1.66
            Local port: 25
            Description: SMTP packets to be sent to the mail server

            Now you need to add a firewall rule for this, which can be done by keeping the tick box next to "Auto-add a firewall rule to permit traffic through this NAT rule" ticked.

            • D
              digimedia last edited by

              Thanks again for your reply Sai,

              I'll give that a shot, then I'll let you know.

              Cheers.

              Edit: Instead of manually creating entries for every port, is there a faster way to open all ports to an internal PC using this method? (DMZ)

              • GruensFroeschli
                GruensFroeschli last edited by

                Well, you can define port ranges instead of single ports.

                If you have multiple single ports you want to forward: use aliases.

                • D
                  digimedia last edited by

                  Thank you Sai and GruensFroeschli,

                  Your support has been much appreciated.

                  This thread can be closed.
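
The port forward sai describes, together with the port-range and alias suggestions from GruensFroeschli, written out as pf.conf rules. This is an added illustration, not part of the original posts and not pfSense's generated ruleset; the interface name `pppoe0`, the address `203.0.113.2`, the host `192.168.1.50` and the port lists are constructed placeholders.

```conf
# Added illustration in FreeBSD pf.conf syntax. Everything except
# 192.168.1.66 and port 25 is an assumption made for this example.
ext_if    = "pppoe0"          # assumed WAN (PPPoE) interface name
mail_srv  = "192.168.1.66"    # mail server from the thread
extra_ip  = "203.0.113.2"     # stand-in for one additional public IP (Proxy ARP VIP)
web_srv   = "192.168.1.50"    # hypothetical second internal host
web_ports = "{ 80, 443 }"     # plays the role of a pfSense port alias

# --- Translation rules (evaluated before the filter rules) ---

# 1. One port on the WAN interface address ("Interface address" in the GUI).
rdr on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $mail_srv port 25

# 2. Several unrelated ports on an additional public IP, via the alias.
#    With no port after the target, the destination port is left unchanged.
rdr on $ext_if inet proto tcp from any to $extra_ip port $web_ports -> $web_srv

# 3. A contiguous port range, mapped one-to-one onto the same range.
rdr on $ext_if inet proto tcp from any to $extra_ip port 8000:8010 -> $web_srv port 8000:*

# --- Filter rules ---
# The packet has already been rewritten when these are evaluated, so the
# destination to permit is the private address, not the public one.
pass in quick on $ext_if inet proto tcp from any to $mail_srv port 25 keep state
pass in quick on $ext_if inet proto tcp from any to $web_srv port $web_ports keep state
pass in quick on $ext_if inet proto tcp from any to $web_srv port 8000:8010 keep state

# Broad form asked about in the thread ("DMZ"): every port and protocol on
# the public IP reaches the internal host, so every service listening on it
# is exposed. Shown commented out for comparison with the scoped rules above.
# rdr on $ext_if inet from any to $extra_ip -> $web_srv
# pass in quick on $ext_if inet from any to $web_srv keep state
```

The same ordering applies in pfSense: the firewall rule that accompanies a port forward uses the NAT IP (the private address) as its destination.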