NooB Question



  • I am new to pfSense and need some help.  I'm migrating from DD-WRT; hey, laugh all you want, I like it.  Anyway, I am confused by not being able to route using iptables.  I have Cox internet with static IP addresses.  Cox gives me a gateway set and another public set behind the gateway, which I used vlan to route in DD-WRT.  Here is a small graphic of it…

    Static IP used as gateway address:  123.456.789.012 / 28
                vlan other public addresses: 210.987.654.321
                use ip tables to move 210.987.654.321 to 192.168.xxx.xxx addresses

    In pfSense do gateway the 123 addresses then input vlan with 210 then manually input the 192 addresses in the firewall?



  • @bigmatlem:

    Anyway I am confused by not being able to route using IPtables.

    PfSense doesn't use iptables. Iptables is a scripted system which manipulates the tables within the Linux (not BSD) kernel.

    @bigmatlem:

    In pfSense do gateway the 123 addresses then input vlan with 210 then manually input the 192 addresses in the firewall?

    No idea what you're asking here. I think it may have something to do with port-forwarding, but I'd rather not just guess.



  • My question I guess is how do I route the vlan to the private IP addresses.


  • LAYER 8 Global Moderator

    So cox routes a network segment to your public..

    "Cox gives me a gateway set and another public set behind the gateway"

    So for example you have 1.2.3.0/30 with 1.2.3.1 being cox gateway and 1.2.3.2 being your wan public IP.  And they gave you say 4.5.6.0/29 which you want to use behind pfsense.

    Well create an interface on pfsense say lan or opt1 and give it 4.5.6.1/29 and then your device in this network/vlan could be 4.5.6.2, .3, .4, etc.. using 4.5.6.1 as their gateway.

    You would make sure pfsense is not natting this - and there you go done deal.

    Or do you want to use this 4.5.6.0/29 on pfsense wan and nat it to a private range of say 192.168.6.0/29 ??  You could do that as well with 1:1 natting.
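
The two layouts described in the post above, worked through as an added example that is not part of the original thread: it derives the interface address and client range for the routed option, and the per-address pairing for the 1:1 NAT option, using the post's example subnets. The function names are hypothetical, and the pairing assumes the internal /29 is its own LAN segment and that addresses map by identical host bits.

```python
import ipaddress

def routed_plan(transit_cidr, routed_cidr):
    """Option 1: put the routed public block on a LAN/OPT interface, no NAT."""
    transit = ipaddress.ip_network(transit_cidr)
    routed = ipaddress.ip_network(routed_cidr)
    if transit.overlaps(routed):
        raise ValueError("routed block must not overlap the WAN transit network")
    hosts = list(routed.hosts())
    return {
        "pfsense_if": f"{hosts[0]}/{routed.prefixlen}",  # firewall takes the first host
        "client_gateway": str(hosts[0]),
        "clients": [str(h) for h in hosts[1:]],          # addresses left for devices
    }

def one_to_one_map(external_cidr, internal_cidr):
    """Option 2: 1:1 NAT, pairing each public address with a private one."""
    ext = ipaddress.ip_network(external_cidr)
    internal = ipaddress.ip_network(internal_cidr)
    if ext.prefixlen != internal.prefixlen:
        raise ValueError("1:1 NAT between subnets needs equal prefix lengths")
    if not internal.is_private:
        raise ValueError("internal side should be a private (RFC 1918) range")
    # Same host bits on both sides: shift by the distance between network addresses.
    offset = int(internal.network_address) - int(ext.network_address)
    return {str(e): str(ipaddress.ip_address(int(e) + offset)) for e in ext.hosts()}

if __name__ == "__main__":
    # Subnets taken from the post's example; 1.2.3.0/30 is the WAN transit network.
    plan = routed_plan("1.2.3.0/30", "4.5.6.0/29")
    print("routed:", plan["pfsense_if"], "clients", plan["clients"])
    for pub, priv in one_to_one_map("4.5.6.0/29", "192.168.6.0/29").items():
        print(f"1:1   {pub} <-> {priv}")
```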



  • Thanks guys you got me on track.  I also just bought the book so here we go.  Another notch on my belt.



  • It was actually a good question….  But your subject line stunk.

    You'll really find it helpful for you and those that follow when your subject lines have real meaning or at least contextual meaning...  not "NooB Question".  Your "NooB Question" would be a great opening line in the message body.

    I still keep a Linksys e4200 with the latest, tested DD-WRT beta from Seb (physically) sitting at my network entry as a backup for my pfSense box.  Sometimes I throw it online to confirm network issues are in my configuration - It can be a real sanity check.  You'll find pfSense and its packages are so much more powerful but for testing connectivity, DD-WRT just works.

    Rick

