Replace Cisco Router from ISP (16 IPs) [solved]

  • Dear all,

    I'm trying to replace the Cisco Router from our ISP with a new APU.1d4. We have a public /28 Network which is transparently routed through the Cisco.

    Following Setup so far:

    WAN is set to DHCP (ISP MAC address Reservation) = 2x.x.x.x
    LAN is set to 1st IP /28 from our range, let's call it 1x.x.x.1 to 1x.x.x.14

    on LAN is a stupid 1GbE 8 Port Switch
    Rules are set to allow from WAN to LAN - (upstream to machines behind are also a pfsenses running)

    Sounds simple, but I can't figure out the following problem:

    I can reach via the 1st pfsense (2.x.x.x) the machines behind, eg. 1x.x.x.3 via FTP or MySQL DB Connect

    With the ISP Cisco my public IP address shows up as 1x.x.x.3
    With the pfSense my public IP is 2x.x.x.x

    Because of some database connections from customers outside, our public IP should be shown, but not the WAN address from the ISP.

    Sorry for my bad English ;)

    Thank you in advance


  • You probably have a routed subnet; you should disable NAT.

    Edit: and add a firewall rule for every port forward in the WAN section in your firewall. Otherwise the firewall is blocking it (default deny from WAN to LAN)

  • Problem solved, thank you a lot!
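
The fix from the reply above, sketched in plain pf syntax as an added example (not from the thread, and not the ruleset pfSense generates from its GUI). Interface names, the documentation-range addresses and the customer source list are constructed assumptions standing in for the masked values in the posts.

```conf
# --- Macros: constructed placeholders, not the poster's real values ---
wan_if    = "igb0"                 # hypothetical WAN interface (DHCP transfer address)
lan_if    = "igb1"                 # hypothetical LAN interface, holds 198.51.100.1/28
pub_net   = "198.51.100.0/28"      # routed public /28 that lives on the LAN side
srv_host  = "198.51.100.3"         # server reached via FTP and MySQL in the post
customers = "{ 203.0.113.10, 203.0.113.20 }"   # assumed customer source addresses

# --- Translation ---
# Before (symptom in the thread): outbound NAT rewrites every LAN source to the
# WAN address, so remote peers see the ISP transfer address, not 198.51.100.3.
#   nat on $wan_if from $pub_net to any -> ($wan_if)
#
# After: the /28 is routed to this box, so its addresses leave untranslated.
no nat on $wan_if from $pub_net to any

# --- Filtering (last matching rule wins) ---
# Default deny from WAN, logged so dropped attempts are visible.
block in log on $wan_if all

# One explicit WAN rule per published service, replacing the old port forwards.
# FTP control channel only; data ports would need their own rules.
pass in on $wan_if proto tcp from any to $srv_host port 21

# MySQL limited to known customer sources (assumption) instead of "any".
pass in on $wan_if proto tcp from $customers to $srv_host port 3306

# Outbound from the routed subnet; the state created here admits the replies
# that the block rule above would otherwise drop.
pass in  on $lan_if from $pub_net to any
pass out on $wan_if from $pub_net to any
```

With translation off, the WAN filter rules are the only thing between the Internet and every host in the /28, so each pass rule should name a specific destination and port.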

