I've got a /24 network (public IP addresses) which I'd like to firewall with pfSense. I would like to give the firewall(s) a public IP as well, for administration. (I also have a private 10.0.0.x network (each machine has 2 NICs) over a different smart switch which is connected to the main switch which I mention just for the sake of completeness, because it shouldn't interfere with this setup).
I would like to use a smart switch's VLAN feature to be able to patch things around (such as bypassing the firewall altogether, or switch to a standby firewall in case of the primary's failure) without being physically present at the location. The switch already has a public IP for administration, so presumably I can't lock myself out, other than by doing dumb things, like disabling the switch port to the gateway, or similiar. So far, I've only used pfSense for NATed setups with one public IP address for WAN and the usual private networks for LAN. So I presume I would need to choose "static IP" in General configuration, and put my, let's say 1.2.3.0/24 as WAN IP address(network), and 1.2.3.1 as my gateway. But how do I choose the IP for the firewall's administrative interface itself? Perhaps that's the wrong approach. Do I need WAN/LAN bridging? Something else? -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
signature.asc
Description: Digital signature
