Chris Hellyar wrote:
Hi folks..

Yuri is right, I've got a mail server, web server, asterisk box and
shell box which all have separate IPs (on two subnets) which hang off
different inbound ports.

The 504T did have the ability to do it with the old firmware, but I
patched it to support ADSL2 and the 'upgrade' gave a new
interface where you have to add the internal servers to a list of 'Lan
Servers' which can only be on the same subnet as the internal of the
router, and then add the virtual servers by port to one of the 'Lan
Server' addresses..

So it can only port forward to one internal IP, and not on the LAN
behind the pfsense box, only on the pfsense box itself, which of course
I can port forward on, but I'm using the system for testing some
stateless UDP stuff that doesn't like multiple NAT hops...

Anyway, I've got around the problem for the moment, by using a borrowed
Cisco 800 in half-bridge mode, and putting the external IP on the
pfsense WAN port.

Thinking about it a bit more I could have just used the 'dmz' setting in
the 504T to route all inbound traffic to the pfsense and nat it from
there, but I might fall on the too-much-nat sword.  I might give that a
go tomorrow night when I've finished the current testing process.

Hmmmm, or I should just buy one of these Cisco units.  Not cheap, but a
far better device than any of the consumer junk out there.  Might have
to wait for Xmas on that...

The other thing I might look at is using a decent quality modem (Linksys
AM300?) in half-bridge mode, which would do the same as the cisco for
1/8th the price..

Cheers, Me.

I'd use Pfsense for everything and just use a bridge/half-bridge router. Well, that's what I do, anyway. -) Any brand has its bad apples so not sure I could recommend one over any other. The benefit of Linksys is that if you don't like the firmware, you can always download another. (OpenWRT being one I used in the past)


Cheers, Brat.
