Netgate Discussion Forum

Need help with routing/bridge/NAT UPDATED

Category: NAT
4 Posts 2 Posters 892 Views
    tpfnd
    Mar 18, 2016, 8:39 PM (last edited Mar 20, 2016, 2:21 AM)

    Hello, all! I am attempting to upgrade my pfSense box to use three NICs. I have 5 public IPs, I have one as WAN, one as LAN, and the last as OPT1. I want the LAN to have one IP, and the OPT1 to route out the other four to a separate switch, in a DMZ format. That switch will run to my two Hyper-V boxes which both have two NICs; one for the internal network and one for the DMZ. I will specify the four IPs directly in the Hyper-V 2012 virtual machines.

    IP allocation:

    WAN: 172.xx.xx.105/29
    LAN: 10.0.0.1
    OPT1: no assignment
    DMZ 172.xx.xx.106-109

    I made a bridge between WAN and OPT1. I then assigned the bridge to OPT2, and assigned 4
    virtual IP (IP Alias) for 106, 107, 108, and 109. Gave OPT1 an any-any rule.  The page for 106 comes up internally, but times out externally still.

    ![base network.jpg](/public/imported_attachments/1/base network.jpg)

      muswellhillbilly
      Mar 22, 2016, 9:36 AM

      @tpfnd:

      IP allocation:

      WAN: 172.xx.xx.105/29
      LAN: 10.0.0.1
      OPT1: no assignment
      DMZ 172.xx.xx.106-109

      You don't indicate this specifically, but it looks like you have the same network ranges operating on your WAN and DMZ. Nothing from outside will be able to get to anything on the DMZ if both networks occupy the same network space.

        tpfnd
        Mar 22, 2016, 1:11 PM

        Yeah, it's confusing with my wording; I'm meaning DMZ in that those four IPs are not behind the same firewall rules as the LAN. DMZ here is a "separate segment" in relation to the LAN. ATM they have no ports blocked at all, since I'm doing that on the individual virtual machines themselves, as they'll be running different services depending on my current projects.

        I actually got it to work! Here's what I did:

        Enable OPT1, no IP assignment
        Assign virtual IPs 106-109 to WAN
        Bridge OPT1 to WAN (becomes interface BRIDGE0)
        Enable BRIDGE0, it becomes OPT2
        Add rule on WAN for * / vIP 106-109
        Add rule on OPT1 and OPT2 for * / *
        Plug LAN cable from OPT1 into separate switch
        Plug 2nd NIC on Hyper-V to switch
        Assign virtual IPs to 2nd hpv virtual switch interface
        Configure virtual OS to use external IP, external gateway, etc.

        Basically OPT1 becomes transparent, just passing * / * to whatever is connected to the DMZ switch. I might not need the two * / * rules on OPT1 or OPT2. But the virtual machine's website (TurnKey Drupal) is coming up on external boxes (had a friend in another city test) now.

        I wrote up a howto on the Hyper-V part at http://meow.tpfnd.cat/node/21 and will soon be adding one for the pfSense side.

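The working setup above puts the DMZ virtual IPs inside the WAN /29 and passes every protocol and port to them, so the only filtering the DMZ VMs get is whatever runs on the guests themselves. The following added example (not the poster's code or pfSense's own; the 172.16.1.x addresses are constructed stand-ins for the masked 172.xx.xx.x ones) checks two things a practitioner would want to confirm before going live: that each virtual IP is a usable host address in the WAN subnet (not the network or broadcast address, and not colliding with the WAN interface address), and which of the rules from the steps above are unrestricted any/any passes.

```python
import ipaddress

# Constructed example values standing in for the thread's masked addresses.
WAN_CIDR = "172.16.1.105/29"
DMZ_VIPS = ["172.16.1.106", "172.16.1.107", "172.16.1.108", "172.16.1.109"]


def check_vips(wan_cidr, vips):
    """Classify each virtual IP relative to the WAN interface's subnet.

    Returns a dict mapping the address string to "ok" or a reason it is
    unusable as an IP Alias on a WAN/OPT1 bridge.
    """
    iface = ipaddress.ip_interface(wan_cidr)
    net = iface.network
    report = {}
    for v in vips:
        addr = ipaddress.ip_address(v)
        if addr not in net:
            report[v] = "outside WAN subnet"
        elif addr == net.network_address:
            report[v] = "network address"
        elif addr == net.broadcast_address:
            report[v] = "broadcast address"
        elif addr == iface.ip:
            report[v] = "collides with WAN interface address"
        else:
            report[v] = "ok"
    return report


# Constructed rule list mirroring the three rules described in the steps
# (WAN: any -> vIP range; OPT1 and OPT2: any -> any). "*" means "any".
RULES = [
    {"iface": "WAN", "src": "*", "dst": "172.16.1.106-172.16.1.109", "proto": "*"},
    {"iface": "OPT1", "src": "*", "dst": "*", "proto": "*"},
    {"iface": "OPT2", "src": "*", "dst": "*", "proto": "*"},
]


def audit_rules(rules):
    """Flag pass rules that leave filtering entirely to the hosts behind them."""
    findings = []
    for r in rules:
        if r["src"] == "*" and r["dst"] == "*" and r["proto"] == "*":
            findings.append(f'{r["iface"]}: unrestricted any/any rule')
        elif r["iface"] == "WAN" and r["src"] == "*" and r["proto"] == "*":
            findings.append(
                f'{r["iface"]}: all protocols and ports from any source to {r["dst"]}'
            )
    return findings


if __name__ == "__main__":
    for vip, status in check_vips(WAN_CIDR, DMZ_VIPS).items():
        print(f"{vip}: {status}")
    for finding in audit_rules(RULES):
        print(finding)
```

With a /29 containing .105 the usable hosts are .105 through .110, so .106-.109 all come back "ok"; swapping in .104, .111 or .112 shows how the check catches the network, broadcast and out-of-subnet cases. The audit reports all three rules, which matches the poster's own remark that the OPT1/OPT2 any/any rules may be unnecessary: on a bridge the WAN rule already decides what reaches the VMs, so the rule set can be narrowed to the services each VM actually runs.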
          tpfnd
          Mar 22, 2016, 5:11 PM

          Tutorial with screenshots:

          http://meow.tpfnd.cat/node/20

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.