Netgate Discussion Forum

    Multi IP wan / Bridge to different interface.

    Routing and Multi WAN
      nzcam

      Hello,
      I have an embedded pfSense running 2.2.6.
      I wish to run a service on RHEL which requires a license and insists on a public IP or registration will fail. I'm not overly enamoured by having it internet facing, but I'll trial it and see how it goes.
      It is for the above reason I don't believe the standard 1:1 NAT is going to work.

      I have got a /30 from my ISP which equates to 4 IPs, with 2 being usable + gw and broadcast.

      Here is what I've done.

      [ 60.240.xxx.xxx.3 ] ---- WAN PPPOE re0 ---- [ pfSense ] ---- re1 ---- [ Switch ] ---- [ 192.168.0.1/24 ]
                                                   [         ]
      additional IPs                               [         ]
      [ 14.xxx.xxx.24 /30 ] ---------------------- [         ] ---- 14.xxx.xxx.25 (re2) ---- [ 14.xxx.xxx.26 ]

      I've been reading a ton of forum posts and they all seem to want to use NAT 1:1 and IP Aliases of some sort. Because I'm effectively using a transparent bridge for re2, I think it means that I don't need all that. But I'm curious to know if I'm on the right track.
      In order to achieve the above, I have done the following:

      1/ Create a new interface assigned to DMZ(re2) and assign the 14.xxx.xxx.25  (Upstream GW = no) (untick "Block Private Networks")

      2/ Create a bridge between WAN(re0) and DMZ(re2) interfaces.

      3/ Write a WAN rule with a destination of 14.xxx.xxx.24/30 (All Ports)

      4/ Write a DMZ rule with a destination, port and gateway of *

      Is it this simple?
      Have I created any risks to the LAN by doing this? It all seems to be working, just not sure it's best practice.
      Also it seems I've sacrificed an IP for the interface - is there another way of doing it?

      Regards

      Cam
